CVE-2021-34721

EUVD-2021-21371
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ciscoCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
ciscoios_xr
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
≤ 7.4.1
ciscoios_xr
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
≤ 7.4.1
ciscoios_xr
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc