VDB

CVE-2021-34727

CVE-2021-34727 PUBLISHED CVSS 9.8 CRITICAL

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition.

EPSS 1.00% · 77.4th percentile

Risk Scores

CVSS 3.1: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 1.00% (77.4th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| cisco | ios_xe_sd-wan | |
| Cisco | Cisco IOS XE SD-WAN Software | n/a |

Timeline

  • Sep 23, 2021 CVE Published
  • Sep 23, 2021 EPSS Score
  • Nov 19, 2021 EPSS Score
  • Jan 15, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 10, 2022 EPSS Score
  • Jul 6, 2022 EPSS Score
  • Oct 29, 2022 EPSS Score
  • Dec 26, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 19, 2023 EPSS Score
