CVE-2021-34771 — Vulnetix

CVE-2021-34771 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access.

EPSS 0.13% · 31.7th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.13%

31.7th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco IOS XR Software	n/a
cisco	ios_xr	0

Exploit Intelligence

20210908 Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability (circl)

Timeline

Sep 9, 2021 EPSS Score
Sep 9, 2021 CVE Published
Nov 6, 2021 EPSS Score
Jan 2, 2022 EPSS Score
Jan 6, 2022 EPSS Score
Mar 1, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 24, 2022 EPSS Score
Aug 22, 2022 EPSS Score
Oct 19, 2022 EPSS Score
Dec 16, 2022 EPSS Score

References

20210908 Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-34771 advisory

Open in Interactive Console →