VDB
CVE-2021-34718
CVE-2021-34718
PUBLISHED
CVSS 8.100000381469727 HIGH
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
EPSS 1.80% · 83.2th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
1.80%
83.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ios_xr | 0, 0, 7.4.0 |
| Cisco | Cisco IOS XR Software | n/a |
Exploit Intelligence
Timeline
- Sep 9, 2021 CVE Published
- Sep 9, 2021 EPSS Score
- Nov 6, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 1, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jun 24, 2022 EPSS Score
- Aug 22, 2022 EPSS Score
- Oct 19, 2022 EPSS Score
- Dec 16, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-34718 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2 advisory