Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-34696

A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.

Published

2021-09-23T03:15:15.633

Last Modified

2024-11-21T06:10:58.117

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-284
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco ios_xe ≤ 17.3.2 Yes
Hardware cisco asr_902 - No
Hardware cisco asr_903 - No
Hardware cisco asr_907 - No
Hardware cisco asr_920-10sz-pd - No
Hardware cisco asr_920-10sz-pd_r - No
Hardware cisco asr_920-12cz-a - No
Hardware cisco asr_920-12cz-a_r - No
Hardware cisco asr_920-12cz-d - No
Hardware cisco asr_920-12cz-d_r - No
Hardware cisco asr_920-12sz-im - No
Hardware cisco asr_920-12sz-im_r - No
Hardware cisco asr_920-24sz-im - No
Hardware cisco asr_920-24sz-im_r - No
Hardware cisco asr_920-24sz-m - No
Hardware cisco asr_920-24sz-m_r - No
Hardware cisco asr_920-24tz-m - No
Hardware cisco asr_920-24tz-m_r - No
Hardware cisco asr_920-4sz-a - No
Hardware cisco asr_920-4sz-a_r - No
Hardware cisco asr_920-4sz-d - No
Hardware cisco asr_920-4sz-d_r - No
Hardware cisco asr_920u-12sz-im - No
References