CVE-2021-34705Improper Handling of Undefined Values in Cisco IOS

CWE-232Improper Handling of Undefined Values4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.6%
top 31.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco IOSCisco IOSCisco IOS XE
Timeline
PublishedSep 23
Latest updateMay 24

Description

A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successf

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDcisco/ios1439 versions+1438
NVDcisco/ios_xe281 versions+280
CVEListV5cisco/cisco_iosn/a

🔴Vulnerability Details

2
GHSA
GHSA-xxj5-mhw2-jgp8: A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated,2022-05-24
CVEList
Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability2021-09-23

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability2021-09-22
CVE-2021-34705 — Improper Handling of Undefined Values | cvebase