7.2
CVE-2021-34708
- EPSS 0.02%
- Published 09.09.2021 05:15:07
- Last modified 21.11.2024 06:11:00
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Ios Xr Version < 7.3.2
Cisco ≫ 8101-32fh Version-
Cisco ≫ 8101-32h
Cisco ≫ 8102-64h Version-
Cisco ≫ 8201 Version-
Cisco ≫ 8201-32fh Version-
Cisco ≫ 8202 Version-
Cisco ≫ 8800 12-slot Version-
Cisco ≫ 8800 18-slot Version-
Cisco ≫ 8800 4-slot Version-
Cisco ≫ 8800 8-slot Version-
Cisco ≫ 8101-32h
Cisco ≫ 8102-64h Version-
Cisco ≫ 8201 Version-
Cisco ≫ 8201-32fh Version-
Cisco ≫ 8202 Version-
Cisco ≫ 8800 12-slot Version-
Cisco ≫ 8800 18-slot Version-
Cisco ≫ 8800 4-slot Version-
Cisco ≫ 8800 8-slot Version-
Cisco ≫ Ios Xr Version < 7.3.2
Cisco ≫ N540-12z20g-sys-a Version-
Cisco ≫ N540-12z20g-sys-d Version-
Cisco ≫ N540-24z8q2c-m Version-
Cisco ≫ N540-24z8q2c-sys Version-
Cisco ≫ N540-28z4c-sys-a Version-
Cisco ≫ N540-28z4c-sys-d Version-
Cisco ≫ N540-acc-sys Version-
Cisco ≫ N540x-12z16g-sys-a Version-
Cisco ≫ N540x-12z16g-sys-d Version-
Cisco ≫ N540x-16z4g8q2c-a Version-
Cisco ≫ N540x-16z4g8q2c-d Version-
Cisco ≫ N540x-acc-sys Version-
Cisco ≫ N540-12z20g-sys-d Version-
Cisco ≫ N540-24z8q2c-m Version-
Cisco ≫ N540-24z8q2c-sys Version-
Cisco ≫ N540-28z4c-sys-a Version-
Cisco ≫ N540-28z4c-sys-d Version-
Cisco ≫ N540-acc-sys Version-
Cisco ≫ N540x-12z16g-sys-a Version-
Cisco ≫ N540x-12z16g-sys-d Version-
Cisco ≫ N540x-16z4g8q2c-a Version-
Cisco ≫ N540x-16z4g8q2c-d Version-
Cisco ≫ N540x-acc-sys Version-
Cisco ≫ Ios Xr Version >= 7.4.0 < 7.4.1
Cisco ≫ N540-12z20g-sys-a Version-
Cisco ≫ N540-12z20g-sys-d Version-
Cisco ≫ N540-24z8q2c-m Version-
Cisco ≫ N540-24z8q2c-sys Version-
Cisco ≫ N540-28z4c-sys-a Version-
Cisco ≫ N540-28z4c-sys-d Version-
Cisco ≫ N540-acc-sys Version-
Cisco ≫ N540x-12z16g-sys-a Version-
Cisco ≫ N540x-12z16g-sys-d Version-
Cisco ≫ N540x-16z4g8q2c-a Version-
Cisco ≫ N540x-16z4g8q2c-d Version-
Cisco ≫ N540x-acc-sys Version-
Cisco ≫ N540-12z20g-sys-d Version-
Cisco ≫ N540-24z8q2c-m Version-
Cisco ≫ N540-24z8q2c-sys Version-
Cisco ≫ N540-28z4c-sys-a Version-
Cisco ≫ N540-28z4c-sys-d Version-
Cisco ≫ N540-acc-sys Version-
Cisco ≫ N540x-12z16g-sys-a Version-
Cisco ≫ N540x-12z16g-sys-d Version-
Cisco ≫ N540x-16z4g8q2c-a Version-
Cisco ≫ N540x-16z4g8q2c-d Version-
Cisco ≫ N540x-acc-sys Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.051 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@cisco.com | 6 | 0.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.