CVE-2021-1619Access of Uninitialized Pointer in Cisco IOS XE Software

CWE-824Access of Uninitialized PointerCWE-908Use of Uninitialized Resource4 documents4 sources
Severity
9.1CRITICALNVD
CNA9.8
EPSS
0.9%
top 24.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
146
Cisco IOS XE SoftwareCisco IOS XECisco IOS XE Sd-wan 16.10.1 When Installed ON 1000 Series Integrated Services+143 more
Timeline
PublishedSep 23
Latest updateMay 24

Description

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sen

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages146 packages

🔴Vulnerability Details

2
GHSA
GHSA-q3g7-fff3-j4mq: A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote at2022-05-24
CVEList
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability2021-09-23

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability2021-09-22
CVE-2021-1619 — Access of Uninitialized Pointer | cvebase