Request a Demo
Rewterz
Rewterz Threat Advisory – CVE-2021-3715 – Linux Kernel Privilege Escalation
September 9, 2021
Rewterz
Rewterz Threat Advisory – Multiple Mozilla Firefox Security Vulnerabilities
September 9, 2021

Rewterz Threat Advisory – Multiple Cisco IOS Software Security Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-617

Cisco IOS XR Software is vulnerable to a denial of service, caused by improper handling of a specific RPKI to Router (RTR) Protocol packet header. By sending a specially-crafted RTR packet, a remote attacker could exploit this vulnerability to cause the BGP process to constantly restart, and results in a denial of service condition.

CVE-2021-34722

Cisco IOS XR Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by input validation of command arguments. By submitting specially-crafted arguments using CLI commands, an attacker could exploit this vulnerability to execute arbitrary commands as root on the underlying root shell.

CVE-2021-34721

Cisco IOS XR Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by input validation of commands supplied by a user. By submitting specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary commands as root on the underlying root shell.

CVE-2021-34771

Cisco IOS XR Software could allow a local authenticated attacker to obtain sensitive information, caused by insufficient application of restrictions during the execution of a specific command. By executing a specially-crafted command, an attacker could exploit this vulnerability to view sensitive configuration information, and use this information to launch further attacks against the affected system.

CVE-2021-34737

Cisco IOS XR Software is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when validating certain DHCPv4 messages. By sending a specially-crafted DHCPv4 message, a remote attacker could exploit this vulnerability to cause the the dhcpd process to crash.

Impact

  • Command Injection
  • Denial of Service
  • Unauthorized Access

Affected Vendors

Cisco

Affected Products

  • Cisco IOS XR Software 7.3
  • Cisco IOS XR Software 7.1.1
  • Cisco Network Convergence System (NCS) 540 Series Routers
  • Cisco ASR 9000 Series Aggregation Services Routers

Remediation

Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.

For CVE-2021-617

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrbgp-rpki-dos-gvmjqxbk

For CVE-2021-34722

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc

For CVE-2021-34721

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc

For CVE-2021-34771

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-infodisc-CjLdGMc5

For CVE-2021-34737

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-pjPVReLU