CVE-2021-34723

CVE Database · CVE-2021-34723

CVE-2021-34723

· MEDIUMModified

CVSS v3.1

6.7

EPSS

0.24%

Published

Sep 23, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-668CWE-668

Affected Products (24)

cisco · ios_xevulnerable

cisco · asr_1000-x

cisco · asr_1001

cisco · asr_1001-x

cisco · asr_1002

cisco · asr_1002-x

cisco · asr_1004

cisco · asr_1006

cisco · asr_1013

cisco · asr_1023

cisco · ios_xevulnerable

cisco · 4321_integrated_services_router

cisco · 4331_integrated_services_router

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZn

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZn

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs