CVE-2021-1243 — Improper Access Control in Cisco IOS XR

CWE-284 — Improper Access Control4 documents4 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.6%

top 30.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XR Cisco IOS XR Software

Timeline

PublishedFeb 4

Latest updateMay 24

Description

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by conne…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xr_softwaren/a

▶NVDcisco/ios_xr7.0.0 — 7.0.2+5

🔴Vulnerability Details

GHSA

GHSA-w6r6-frp2-8r52: A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Sof↗2022-05-24

▶

CVEList

Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability↗2021-02-04

▶

📋Vendor Advisories

Cisco

Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability↗2021-02-03

▶