CVE-2021-34728 — Vulnetix

CVE-2021-34728 PUBLISHED CVSS 7.800000190734863 HIGH

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

EPSS 0.16% · 37.0th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.16%

37.0th percentile

Affected Products

Vendor	Product	Versions
cisco	ios_xr	7.4.0, 0, 7.4.0
Cisco	Cisco IOS XR Software	n/a

Exploit Intelligence

20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities (circl)

Timeline

Sep 9, 2021 CVE Published
Sep 9, 2021 EPSS Score
Nov 6, 2021 EPSS Score
Jan 2, 2022 EPSS Score
Jan 6, 2022 EPSS Score
Mar 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 24, 2022 EPSS Score
Aug 22, 2022 EPSS Score
Oct 19, 2022 EPSS Score
Dec 16, 2022 EPSS Score
Feb 11, 2023 EPSS Score

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2 advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-34728 advisory

Open in Interactive Console →