6.9

CVE-2021-34721

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

Data is provided by the National Vulnerability Database (NVD)
CiscoIos Xr Version < 7.3.2
   CiscoAsr 9000v-v2 Version-
   CiscoAsr 9001 Version-
   CiscoAsr 9006 Version-
   CiscoAsr 9010 Version-
   CiscoAsr 9901 Version-
   CiscoAsr 9902 Version-
   CiscoAsr 9903 Version-
   CiscoAsr 9904 Version-
   CiscoAsr 9906 Version-
   CiscoAsr 9910 Version-
   CiscoAsr 9912 Version-
   CiscoAsr 9922 Version-
CiscoIos Xr Version >= 7.4.0 <= 7.4.1
   CiscoAsr 9000v-v2 Version-
   CiscoAsr 9001 Version-
   CiscoAsr 9006 Version-
   CiscoAsr 9010 Version-
   CiscoAsr 9901 Version-
   CiscoAsr 9902 Version-
   CiscoAsr 9903 Version-
   CiscoAsr 9904 Version-
   CiscoAsr 9906 Version-
   CiscoAsr 9910 Version-
   CiscoAsr 9912 Version-
   CiscoAsr 9922 Version-
CiscoIos Xr Version < 7.3.2
   CiscoIos Xrv Version-
   CiscoIos Xrv 9000 Version-
CiscoIos Xr Version >= 7.4.0 <= 7.4.1
   CiscoIos Xrv Version-
   CiscoIos Xrv 9000 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 520 Version-
   CiscoNcs 540 Version-
   CiscoNcs 540 Fronthaul Version-
   CiscoNcs 560-4 Version-
   CiscoNcs 560-7 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 520 Version-
   CiscoNcs 540 Version-
   CiscoNcs 540 Fronthaul Version-
   CiscoNcs 560-4 Version-
   CiscoNcs 560-7 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 5001 Version-
   CiscoNcs 5002 Version-
   CiscoNcs 5011 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 5001 Version-
   CiscoNcs 5002 Version-
   CiscoNcs 5011 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 5501 Version-
   CiscoNcs 5501-se Version-
   CiscoNcs 5502 Version-
   CiscoNcs 5502-se Version-
   CiscoNcs 5508 Version-
   CiscoNcs 5516 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 5501 Version-
   CiscoNcs 5501-se Version-
   CiscoNcs 5502 Version-
   CiscoNcs 5502-se Version-
   CiscoNcs 5508 Version-
   CiscoNcs 5516 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 6000 Version-
   CiscoNcs 6008 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 6000 Version-
   CiscoNcs 6008 Version-
CiscoIos Xr Version < 7.3.2
   CiscoNcs 1001 Version-
   CiscoNcs 1002 Version-
   CiscoNcs 1004 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   CiscoNcs 1001 Version-
   CiscoNcs 1002 Version-
   CiscoNcs 1004 Version-
CiscoIos Xr Version < 7.3.2
   Cisco8101-32fh Version-
   Cisco8101-32h Version-
   Cisco8102-64h Version-
   Cisco8201 Version-
   Cisco8201-32fh Version-
   Cisco8202 Version-
   Cisco8804 Version-
   Cisco8808 Version-
   Cisco8812 Version-
   Cisco8818 Version-
CiscoIos Xr Version >= 7.4.0 < 7.4.1
   Cisco8101-32fh Version-
   Cisco8101-32h Version-
   Cisco8102-64h Version-
   Cisco8201 Version-
   Cisco8201-32fh Version-
   Cisco8202 Version-
   Cisco8804 Version-
   Cisco8808 Version-
   Cisco8812 Version-
   Cisco8818 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.22
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
psirt@cisco.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.