CVE-2021-34696: Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability
First published: Thu Sep 23 2021(Updated: )
A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE | <=17.3.2 | |
| Cisco Asr 902 | ||
| Cisco ASR 903 | ||
| Cisco Asr 907 | ||
| Cisco Asr 920-10sz-pd | ||
| Cisco Asr 920-10sz-pd R | ||
| Cisco Asr 920-12cz-a | ||
| Cisco Asr 920-12cz-a R | ||
| Cisco Asr 920-12cz-d | ||
| Cisco Asr 920-12cz-d R | ||
| Cisco Asr 920-12sz-im | ||
| Cisco Asr 920-12sz-im R | ||
| Cisco Asr 920-24sz-im | ||
| Cisco Asr 920-24sz-im R | ||
| Cisco Asr 920-24sz-m | ||
| Cisco Asr 920-24sz-m R | ||
| Cisco Asr 920-24tz-m | ||
| Cisco Asr 920-24tz-m R | ||
| Cisco Asr 920-4sz-a | ||
| Cisco Asr 920-4sz-a R | ||
| Cisco Asr 920-4sz-d | ||
| Cisco Asr 920-4sz-d R | ||
| Cisco Asr 920u-12sz-im |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-34696.
What is the severity of CVE-2021-34696?
The severity of CVE-2021-34696 is medium with a CVSS score of 5.8.
Which software is affected by CVE-2021-34696?
Cisco ASR 900 and ASR 920 Series Aggregation Services Routers with Cisco IOS XE 17.3.2 are affected.
How can an attacker exploit CVE-2021-34696?
An unauthenticated remote attacker can exploit this vulnerability by bypassing a configured ACL.
Is there a fix available for CVE-2021-34696?
Yes, Cisco has released a security advisory with mitigation measures for CVE-2021-34696.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/17.3.2
- canonical/cisco asr 902
- canonical/cisco asr 903
- canonical/cisco asr 907
- canonical/cisco asr 920-10sz-pd
- canonical/cisco asr 920-10sz-pd r
- canonical/cisco asr 920-12cz-a
- canonical/cisco asr 920-12cz-a r
- canonical/cisco asr 920-12cz-d
- canonical/cisco asr 920-12cz-d r
- canonical/cisco asr 920-12sz-im
- canonical/cisco asr 920-12sz-im r
- canonical/cisco asr 920-24sz-im
- canonical/cisco asr 920-24sz-im r
- canonical/cisco asr 920-24sz-m
- canonical/cisco asr 920-24sz-m r
- canonical/cisco asr 920-24tz-m
- canonical/cisco asr 920-24tz-m r
- canonical/cisco asr 920-4sz-a
- canonical/cisco asr 920-4sz-a r
- canonical/cisco asr 920-4sz-d
- canonical/cisco asr 920-4sz-d r
- canonical/cisco asr 920u-12sz-im