CVE-2021-34722 — Vulnetix

CVE-2021-34722 PUBLISHED CVSS 6.699999809265137 MEDIUM

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

EPSS 0.07% · 20.5th percentile

Risk Scores

CVSS 3.1

6.699999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.07%

20.5th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco IOS XR Software	*
cisco	ios_xr	7.4.0, 7.1.1, 7.4.0

Exploit Intelligence

20210908 Cisco IOS XR Software Command Injection Vulnerabilities (circl)

Timeline

Apr 13, 2021 CVE Published
Sep 9, 2021 EPSS Score
Nov 6, 2021 EPSS Score
Jan 2, 2022 EPSS Score
Jan 6, 2022 EPSS Score
Mar 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 24, 2022 EPSS Score
Aug 22, 2022 EPSS Score
Dec 16, 2022 EPSS Score
Feb 11, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

20210908 Cisco IOS XR Software Command Injection Vulnerabilities vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-34722 advisory

Open in Interactive Console →