MEDIUM · 6.7

CVE-2021-34723

Vulnerability Description

A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor   Product                                        Versions
Cisco    Ios Xe                                         17.3.1a
Cisco    Asr 1000-X                                     -
Cisco    Asr 1001                                       -
Cisco    Asr 1001-X                                     -
Cisco    Asr 1002                                       -
Cisco    Asr 1002-X                                     -
Cisco    Asr 1004                                       -
Cisco    Asr 1006                                       -
Cisco    Asr 1013                                       -
Cisco    Asr 1023                                       -
Cisco    4321 Integrated Services Router                -
Cisco    4331 Integrated Services Router                -
Cisco    4351 Integrated Services Router                -
Cisco    4431 Integrated Services Router                -
Cisco    1100-4G Integrated Services Router             -
Cisco    1100-4Gltegb Integrated Services Router        -
Cisco    1100-4Gltena Integrated Services Router        -
Cisco    1100-6G Integrated Services Router             -
Cisco    1100-Lte Integrated Services Router            -
Cisco    1100 Integrated Services Router                -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-34723?

CVE-2021-34723 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device.

How severe is CVE-2021-34723?

CVE-2021-34723 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2021-34723?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Asr 1000-X, Cisco Asr 1001, Cisco Asr 1001-X, Cisco Asr 1002.