Vulnerability Description
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xr | >= 7.1.1, < 7.3.2 |
| Cisco | Asr 9000V-V2 | - |
| Cisco | Asr 9001 | - |
| Cisco | Asr 9006 | - |
| Cisco | Asr 9010 | - |
| Cisco | Asr 9901 | - |
| Cisco | Asr 9902 | - |
| Cisco | Asr 9903 | - |
| Cisco | Asr 9904 | - |
| Cisco | Asr 9906 | - |
| Cisco | Asr 9910 | - |
| Cisco | Asr 9912 | - |
| Cisco | Asr 9922 | - |
| Cisco | Ios Xrv | - |
| Cisco | Ios Xrv 9000 | - |
| Cisco | Ncs 520 | - |
| Cisco | Ncs 540 | - |
| Cisco | Ncs 540 Fronthaul | - |
| Cisco | Ncs 560-4 | - |
| Cisco | Ncs 560-7 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
FAQ
What is CVE-2021-34722?
CVE-2021-34722 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary comman...
How severe is CVE-2021-34722?
CVE-2021-34722 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34722?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xr, Cisco Asr 9000V-V2, Cisco Asr 9001, Cisco Asr 9006, Cisco Asr 9010.