CVE-2021-34708: Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities
First published: Thu Sep 09 2021(Updated: )
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XR | <7.3.2 | |
| Cisco 8101-32fh | ||
| Cisco 8101-32h | ||
| Cisco 8102-64h | ||
| Cisco 8201 | ||
| Cisco 8201-32fh | ||
| Cisco 8202 | ||
| Cisco 8800 12-slot | ||
| Cisco 8800 18-slot | ||
| Cisco 8800 4-slot | ||
| Cisco 8800 8-slot | ||
| Cisco IOS XR | >=7.4.0<7.4.1 | |
| Cisco N540-12z20g-sys-a | ||
| Cisco N540-12z20g-sys-d | ||
| Cisco N540-24z8q2c-m | ||
| Cisco N540-24z8q2c-sys | ||
| Cisco N540-28z4c-sys-a | ||
| Cisco N540-28z4c-sys-d | ||
| Cisco N540-acc-sys | ||
| Cisco N540x-12z16g-sys-a | ||
| Cisco N540x-12z16g-sys-d | ||
| Cisco N540x-16z4g8q2c-a | ||
| Cisco N540x-16z4g8q2c-d | ||
| Cisco N540x-acc-sys |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-34708?
CVE-2021-34708 is a vulnerability that affects Cisco Network Convergence System (NCS) 540 Series Routers and Cisco 8000 Series Routers.
How severe is CVE-2021-34708?
CVE-2021-34708 has a severity rating of 6.7, which is classified as high.
What is the affected software for CVE-2021-34708?
The affected software for CVE-2021-34708 includes Cisco IOS XR NCS540L software images and Cisco IOS XR Software for Cisco 8000 Series Routers.
How can an attacker exploit CVE-2021-34708?
An authenticated, local attacker can exploit CVE-2021-34708 to execute arbitrary code.
Is there a fix available for CVE-2021-34708?
Yes, Cisco has released software updates to address CVE-2021-34708. It is recommended to update to the latest version.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco ios xr
- canonical/cisco 8101-32fh
- canonical/cisco 8101-32h
- canonical/cisco 8102-64h
- canonical/cisco 8201
- canonical/cisco 8201-32fh
- canonical/cisco 8202
- canonical/cisco 8800 12-slot
- canonical/cisco 8800 18-slot
- canonical/cisco 8800 4-slot
- canonical/cisco 8800 8-slot
- version/cisco ios xr/7.4.0
- canonical/cisco n540-12z20g-sys-a
- canonical/cisco n540-12z20g-sys-d
- canonical/cisco n540-24z8q2c-m
- canonical/cisco n540-24z8q2c-sys
- canonical/cisco n540-28z4c-sys-a
- canonical/cisco n540-28z4c-sys-d
- canonical/cisco n540-acc-sys
- canonical/cisco n540x-12z16g-sys-a
- canonical/cisco n540x-12z16g-sys-d
- canonical/cisco n540x-16z4g8q2c-a
- canonical/cisco n540x-16z4g8q2c-d
- canonical/cisco n540x-acc-sys