First published: Thu Sep 23 2021(Updated: )
A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | <=17.3.2 | |
Cisco Asr 902 | ||
Cisco ASR 903 | ||
Cisco Asr 907 | ||
Cisco Asr 920-10sz-pd | ||
Cisco Asr 920-10sz-pd R | ||
Cisco Asr 920-12cz-a | ||
Cisco Asr 920-12cz-a R | ||
Cisco Asr 920-12cz-d | ||
Cisco Asr 920-12cz-d R | ||
Cisco Asr 920-12sz-im | ||
Cisco Asr 920-12sz-im R | ||
Cisco Asr 920-24sz-im | ||
Cisco Asr 920-24sz-im R | ||
Cisco Asr 920-24sz-m | ||
Cisco Asr 920-24sz-m R | ||
Cisco Asr 920-24tz-m | ||
Cisco Asr 920-24tz-m R | ||
Cisco Asr 920-4sz-a | ||
Cisco Asr 920-4sz-a R | ||
Cisco Asr 920-4sz-d | ||
Cisco Asr 920-4sz-d R | ||
Cisco Asr 920u-12sz-im |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-34696.
The severity of CVE-2021-34696 is medium with a CVSS score of 5.8.
Cisco ASR 900 and ASR 920 Series Aggregation Services Routers with Cisco IOS XE 17.3.2 are affected.
An unauthenticated remote attacker can exploit this vulnerability by bypassing a configured ACL.
Yes, Cisco has released a security advisory with mitigation measures for CVE-2021-34696.