CVE-2021-34722

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ciscoCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
ciscoios_xr
7.1.1 ≤
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
7.1.1 ≤
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
7.1.1 ≤
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
7.1.1 ≤
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
7.1.1 ≤
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
7.1.1 ≤
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
7.1.1 ≤
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
ciscoios_xr
7.1.1 ≤
𝑥
< 7.3.2
ciscoios_xr
7.4.0 ≤
𝑥
< 7.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc