CVE-2021-34708

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS v3 6.7 MEDIUM
CVSS v2.0 7.2 HIGH

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-QN9mCzwn	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:cisco:8101-32fh:-:::::::*
	cpe:2.3:h:cisco:8101-32h::::::::
	cpe:2.3:h:cisco:8102-64h:-:::::::*
	cpe:2.3:h:cisco:8201:-:::::::*
	cpe:2.3:h:cisco:8201-32fh:-:::::::*
	cpe:2.3:h:cisco:8202:-:::::::*
	cpe:2.3:h:cisco:8800_12-slot:-:::::::*
	cpe:2.3:h:cisco:8800_18-slot:-:::::::*
	cpe:2.3:h:cisco:8800_4-slot:-:::::::*
	cpe:2.3:h:cisco:8800_8-slot:-:::::::*

cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:h:cisco:n540-12z20g-sys-a:-:::::::*
	cpe:2.3:h:cisco:n540-12z20g-sys-d:-:::::::*
	cpe:2.3:h:cisco:n540-24z8q2c-m:-:::::::*
	cpe:2.3:h:cisco:n540-24z8q2c-sys:-:::::::*
	cpe:2.3:h:cisco:n540-28z4c-sys-a:-:::::::*
	cpe:2.3:h:cisco:n540-28z4c-sys-d:-:::::::*
	cpe:2.3:h:cisco:n540-acc-sys:-:::::::*
	cpe:2.3:h:cisco:n540x-12z16g-sys-a:-:::::::*
	cpe:2.3:h:cisco:n540x-12z16g-sys-d:-:::::::*
	cpe:2.3:h:cisco:n540x-16z4g8q2c-a:-:::::::*
	cpe:2.3:h:cisco:n540x-16z4g8q2c-d:-:::::::*
	cpe:2.3:h:cisco:n540x-acc-sys:-:::::::*

OR	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr::::::::

History

21 Sep 2021, 19:47

Type	Values Removed	Values Added
CWE		CWE-347
CPE		cpe:2.3:h:cisco:8800_18-slot:-:::::::* cpe:2.3:h:cisco:8800_4-slot:-:::::::* cpe:2.3:h:cisco:n540-acc-sys:-:::::::* cpe:2.3:h:cisco:n540x-12z16g-sys-d:-:::::::* cpe:2.3:h:cisco:n540-24z8q2c-sys:-:::::::* cpe:2.3:h:cisco:n540x-12z16g-sys-a:-:::::::* cpe:2.3:h:cisco:n540-12z20g-sys-d:-:::::::* cpe:2.3:h:cisco:n540-24z8q2c-m:-:::::::* cpe:2.3:h:cisco:n540-28z4c-sys-a:-:::::::* cpe:2.3:h:cisco:n540x-acc-sys:-:::::::* cpe:2.3:h:cisco:n540x-16z4g8q2c-d:-:::::::* cpe:2.3:h:cisco:8202:-:::::::* cpe:2.3:h:cisco:8201:-:::::::* cpe:2.3:h:cisco:n540-12z20g-sys-a:-:::::::* cpe:2.3:h:cisco:n540-28z4c-sys-d:-:::::::* cpe:2.3:h:cisco:8800_12-slot:-:::::::* cpe:2.3:h:cisco:8800_8-slot:-:::::::* cpe:2.3:h:cisco:n540x-16z4g8q2c-a:-:::::::* cpe:2.3:o:cisco:ios_xr:::::::: cpe:2.3:h:cisco:8102-64h:-:::::::* cpe:2.3:h:cisco:8201-32fh:-:::::::* cpe:2.3:h:cisco:8101-32fh:-:::::::* cpe:2.3:h:cisco:8101-32h::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 6.7
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-QN9mCzwn -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-QN9mCzwn - Vendor Advisory

09 Sep 2021, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-09-09 05:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-34708

Mitre link : CVE-2021-34708

CVE.ORG link : CVE-2021-34708

JSON object : View

Products Affected

cisco

8101-32h
n540x-12z16g-sys-d
n540-acc-sys
8800_18-slot
8201
8800_8-slot
8202
n540-28z4c-sys-a
n540x-acc-sys
8201-32fh
8800_4-slot
n540-12z20g-sys-a
n540x-12z16g-sys-a
n540-24z8q2c-m
n540x-16z4g8q2c-a
8102-64h
n540-24z8q2c-sys
ios_xr
n540x-16z4g8q2c-d
n540-28z4c-sys-d
n540-12z20g-sys-d
8800_12-slot
8101-32fh

CWE

CWE-347

Improper Verification of Cryptographic Signature

6.7 /10