8.5

CVE-2021-34718

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.

Data is provided by the National Vulnerability Database (NVD)
CiscoIos Xr Version < 7.3.2
   CiscoAsr 9000v-v2 Version-
   CiscoAsr 9001 Version-
   CiscoAsr 9006 Version-
   CiscoAsr 9010 Version-
   CiscoAsr 9901 Version-
   CiscoAsr 9902 Version-
   CiscoAsr 9903 Version-
   CiscoAsr 9904 Version-
   CiscoAsr 9906 Version-
   CiscoAsr 9910 Version-
   CiscoAsr 9912 Version-
   CiscoAsr 9922 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoAsr 9000v-v2 Version-
   CiscoAsr 9001 Version-
   CiscoAsr 9006 Version-
   CiscoAsr 9010 Version-
   CiscoAsr 9901 Version-
   CiscoAsr 9902 Version-
   CiscoAsr 9903 Version-
   CiscoAsr 9904 Version-
   CiscoAsr 9906 Version-
   CiscoAsr 9910 Version-
   CiscoAsr 9912 Version-
   CiscoAsr 9922 Version-
CiscoIos Xr Version < 7.3.2
   CiscoIos Xrv Version-
   CiscoIos Xrv 9000 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoIos Xrv Version-
   CiscoIos Xrv 9000 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 520 Version-
   CiscoNcs 540 Version-
   CiscoNcs 540 Fronthaul Version-
   CiscoNcs 560-4 Version-
   CiscoNcs 560-7 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 520 Version-
   CiscoNcs 540 Version-
   CiscoNcs 540 Fronthaul Version-
   CiscoNcs 560-4 Version-
   CiscoNcs 560-7 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 5001 Version-
   CiscoNcs 5002 Version-
   CiscoNcs 5011 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 5001 Version-
   CiscoNcs 5002 Version-
   CiscoNcs 5011 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 4009 Version-
   CiscoNcs 4016 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 4009 Version-
   CiscoNcs 4016 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 5501 Version-
   CiscoNcs 5501-se Version-
   CiscoNcs 5502 Version-
   CiscoNcs 5502-se Version-
   CiscoNcs 5508 Version-
   CiscoNcs 5516 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 5501 Version-
   CiscoNcs 5501-se Version-
   CiscoNcs 5502 Version-
   CiscoNcs 5502-se Version-
   CiscoNcs 5508 Version-
   CiscoNcs 5516 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 6000 Version-
   CiscoNcs 6008 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 6000 Version-
   CiscoNcs 6008 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 1001 Version-
   CiscoNcs 1002 Version-
   CiscoNcs 1004 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 1001 Version-
   CiscoNcs 1002 Version-
   CiscoNcs 1004 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.18% 0.781
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 8.5 8 9.2
AV:N/AC:L/Au:S/C:C/I:C/A:N
psirt@cisco.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.