Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-34723

A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.

Published

2021-09-23T03:15:18.427

Last Modified

2024-11-21T06:11:03.147

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-668
Type: Primary
CWE-668

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	17.3.1a	Yes
Hardware	cisco	asr_1000-x	-	No
Hardware	cisco	asr_1001	-	No
Hardware	cisco	asr_1001-x	-	No
Hardware	cisco	asr_1002	-	No
Hardware	cisco	asr_1002-x	-	No
Hardware	cisco	asr_1004	-	No
Hardware	cisco	asr_1006	-	No
Hardware	cisco	asr_1013	-	No
Hardware	cisco	asr_1023	-	No
Operating System	cisco	ios_xe	17.3.1a	Yes
Hardware	cisco	4321_integrated_services_router	-	No
Hardware	cisco	4331_integrated_services_router	-	No
Hardware	cisco	4351_integrated_services_router	-	No
Hardware	cisco	4431_integrated_services_router	-	No
Operating System	cisco	ios_xe	17.3.1a	Yes
Hardware	cisco	1100-4g_integrated_services_router	-	No
Hardware	cisco	1100-4gltegb_integrated_services_router	-	No
Hardware	cisco	1100-4gltena_integrated_services_router	-	No
Hardware	cisco	1100-6g_integrated_services_router	-	No
Hardware	cisco	1100-lte_integrated_services_router	-	No
Hardware	cisco	1100_integrated_services_router	-	No
Operating System	cisco	ios_xe	17.3.1a	Yes
Hardware	cisco	csr1000v	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZn Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZn Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)