First published: Thu Sep 23 2021(Updated: )
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | =17.3.1a | |
Cisco Asr 1000-x | ||
Cisco Asr 1001 | ||
Cisco Asr 1001-x | ||
Cisco Asr 1002 | ||
Cisco Asr 1002-x | ||
Cisco Asr 1004 | ||
Cisco Asr 1006 | ||
Cisco Asr 1013 | ||
Cisco Asr 1023 | ||
Cisco 4321 Integrated Services Router | ||
Cisco 4331 Integrated Services Router | ||
Cisco 4351 Integrated Services Router | ||
Cisco 4431 Integrated Services Router | ||
Cisco 1100-4g Integrated Services Router | ||
Cisco 1100-4gltegb Integrated Services Router | ||
Cisco 1100-4gltena Integrated Services Router | ||
Cisco 1100-6g Integrated Services Router | ||
Cisco 1100-lte Integrated Services Router | ||
Cisco 1100 Integrated Services Router | ||
Cisco Csr1000v |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-34723.
The severity of CVE-2021-34723 is medium with a severity value of 6.7.
Cisco IOS XE SD-WAN Software version 17.3.1a is affected by CVE-2021-34723.
CVE-2021-34723 allows an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device by exploiting a vulnerability in a specific CLI command.
To fix CVE-2021-34723, it is recommended to upgrade to a fixed version of Cisco IOS XE SD-WAN Software.