CVE-2021-34728: Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities
First published: Thu Sep 09 2021(Updated: )
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XR | <7.3.2 | |
| Cisco IOS XR | >=7.4.0<7.4.1 | |
| Cisco Asr 9000v-v2 | ||
| Cisco Asr 9001 | ||
| Cisco Asr 9006 | ||
| Cisco Asr 9010 | ||
| Cisco Asr 9901 | ||
| Cisco Asr 9902 | ||
| Cisco Asr 9903 | ||
| Cisco Asr 9904 | ||
| Cisco Asr 9906 | ||
| Cisco Asr 9910 | ||
| Cisco Asr 9912 | ||
| Cisco Asr 9922 | ||
| Cisco Ios Xrv | ||
| Cisco Ios Xrv 9000 | ||
| Cisco Ncs 520 | ||
| Cisco Ncs 540 | ||
| Cisco Ncs 540 Fronthaul | ||
| Cisco Ncs 560-4 | ||
| Cisco Ncs 560-7 | ||
| Cisco Ncs 5001 | ||
| Cisco Ncs 5002 | ||
| Cisco Ncs 5011 | ||
| Cisco Ncs 4009 | ||
| Cisco Ncs 4016 | ||
| Cisco Ncs 5501 | ||
| Cisco Ncs 5501-se | ||
| Cisco Ncs 5502 | ||
| Cisco Ncs 5502-se | ||
| Cisco Ncs 5508 | ||
| Cisco Ncs 5516 | ||
| Cisco Ncs 6000 | ||
| Cisco Ncs 6008 | ||
| Cisco Ncs 1001 | ||
| Cisco Ncs 1002 | ||
| Cisco Ncs 1004 | ||
| Cisco 8101-32fh | ||
| Cisco 8101-32h | ||
| Cisco 8102-64h | ||
| Cisco 8201 | ||
| Cisco 8201-32fh | ||
| Cisco 8202 | ||
| Cisco 8804 | ||
| Cisco 8808 | ||
| Cisco 8812 | ||
| Cisco 8818 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-34728?
CVE-2021-34728 is a vulnerability in the CLI of Cisco IOS XR Software that could allow an authenticated, local attacker to elevate privileges on an affected device.
What is the severity of CVE-2021-34728?
The severity of CVE-2021-34728 is high with a CVSS score of 7.8.
How can an attacker exploit CVE-2021-34728?
An attacker with a low-privileged account can exploit CVE-2021-34728 by leveraging vulnerabilities in the CLI of Cisco IOS XR Software to elevate privileges on the targeted device.
Which versions of Cisco IOS XR Software are affected by CVE-2021-34728?
Cisco IOS XR Software versions up to and including 7.3.2 and versions 7.4.0 to 7.4.1 are affected by CVE-2021-34728.
How can I mitigate the CVE-2021-34728 vulnerability?
To mitigate the CVE-2021-34728 vulnerability, Cisco recommends upgrading to a fixed software release.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco ios xr
- version/cisco ios xr/7.4.0
- canonical/cisco asr 9000v-v2
- canonical/cisco asr 9001
- canonical/cisco asr 9006
- canonical/cisco asr 9010
- canonical/cisco asr 9901
- canonical/cisco asr 9902
- canonical/cisco asr 9903
- canonical/cisco asr 9904
- canonical/cisco asr 9906
- canonical/cisco asr 9910
- canonical/cisco asr 9912
- canonical/cisco asr 9922
- canonical/cisco ios xrv
- canonical/cisco ios xrv 9000
- canonical/cisco ncs 520
- canonical/cisco ncs 540
- canonical/cisco ncs 540 fronthaul
- canonical/cisco ncs 560-4
- canonical/cisco ncs 560-7
- canonical/cisco ncs 5001
- canonical/cisco ncs 5002
- canonical/cisco ncs 5011
- canonical/cisco ncs 4009
- canonical/cisco ncs 4016
- canonical/cisco ncs 5501
- canonical/cisco ncs 5501-se
- canonical/cisco ncs 5502
- canonical/cisco ncs 5502-se
- canonical/cisco ncs 5508
- canonical/cisco ncs 5516
- canonical/cisco ncs 6000
- canonical/cisco ncs 6008
- canonical/cisco ncs 1001
- canonical/cisco ncs 1002
- canonical/cisco ncs 1004
- canonical/cisco 8101-32fh
- canonical/cisco 8101-32h
- canonical/cisco 8102-64h
- canonical/cisco 8201
- canonical/cisco 8201-32fh
- canonical/cisco 8202
- canonical/cisco 8804
- canonical/cisco 8808
- canonical/cisco 8812
- canonical/cisco 8818