CVE-2021-34718

CVE Database · CVE-2021-34718

CVE-2021-34718

· HIGHModified

CVSS v3.1

8.1

EPSS

1.53%

Published

Sep 9, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-88CWE-88

Affected Products (51)

cisco · ios_xr (up to 7.3.2)vulnerable

cisco · ios_xr (up to 7.4.1)vulnerable

cisco · asr_9000v-v2

cisco · asr_9001

cisco · asr_9006

cisco · asr_9010

cisco · asr_9901

cisco · asr_9902

cisco · asr_9903

cisco · asr_9904

cisco · asr_9906

cisco · asr_9910

cisco · asr_9912

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs