CVE-2021-34718
Summary
| CVE | CVE-2021-34718 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-09 05:15:00 UTC |
| Updated | 2023-11-07 03:36:00 UTC |
| Description | A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to. |
Risk And Classification
Problem Types: CWE-88
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Asr 9000v-v2 | - | All | All | All |
| Hardware | Cisco | Asr 9001 | - | All | All | All |
| Hardware | Cisco | Asr 9006 | - | All | All | All |
| Hardware | Cisco | Asr 9010 | - | All | All | All |
| Hardware | Cisco | Asr 9901 | - | All | All | All |
| Hardware | Cisco | Asr 9902 | - | All | All | All |
| Hardware | Cisco | Asr 9903 | - | All | All | All |
| Hardware | Cisco | Asr 9904 | - | All | All | All |
| Hardware | Cisco | Asr 9906 | - | All | All | All |
| Hardware | Cisco | Asr 9910 | - | All | All | All |
| Hardware | Cisco | Asr 9912 | - | All | All | All |
| Hardware | Cisco | Asr 9922 | - | All | All | All |
| Operating System | Cisco | Ios Xr | All | All | All | All |
| Hardware | Cisco | Ios Xrv | - | All | All | All |
| Hardware | Cisco | Ios Xrv 9000 | - | All | All | All |
| Hardware | Cisco | Ncs 1001 | - | All | All | All |
| Hardware | Cisco | Ncs 1002 | - | All | All | All |
| Hardware | Cisco | Ncs 1004 | - | All | All | All |
| Hardware | Cisco | Ncs 4009 | - | All | All | All |
| Hardware | Cisco | Ncs 4016 | - | All | All | All |
| Hardware | Cisco | Ncs 5001 | - | All | All | All |
| Hardware | Cisco | Ncs 5002 | - | All | All | All |
| Hardware | Cisco | Ncs 5011 | - | All | All | All |
| Hardware | Cisco | Ncs 520 | - | All | All | All |
| Hardware | Cisco | Ncs 540 | - | All | All | All |
| Hardware | Cisco | Ncs 540 Fronthaul | - | All | All | All |
| Hardware | Cisco | Ncs 5501 | - | All | All | All |
| Hardware | Cisco | Ncs 5501-se | - | All | All | All |
| Hardware | Cisco | Ncs 5502 | - | All | All | All |
| Hardware | Cisco | Ncs 5502-se | - | All | All | All |
| Hardware | Cisco | Ncs 5508 | - | All | All | All |
| Hardware | Cisco | Ncs 5516 | - | All | All | All |
| Hardware | Cisco | Ncs 560-4 | - | All | All | All |
| Hardware | Cisco | Ncs 560-7 | - | All | All | All |
| Hardware | Cisco | Ncs 6000 | - | All | All | All |
| Hardware | Cisco | Ncs 6008 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IOS XR Software Arbitrary File Read and Write Vulnerability | CISCO | tools.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 317034 Cisco Internetwork Operating System (IOS) XR Software Arbitrary File Read and Write Vulnerability (cisco-sa-iosxr-scp-inject-QwZOCv2)