CVE-2021-34723Resource Exposure in Cisco IOS XE Software

CWE-668Resource Exposure4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 82.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedSep 23
Latest updateMay 24

Description

A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database an

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/ios_xe17.3.1a

🔴Vulnerability Details

2
GHSA
GHSA-66cj-3q7r-633r: A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitr2022-05-24
CVEList
Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability2021-09-23

📋Vendor Advisories

1
Cisco
Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability2021-09-22
CVE-2021-34723 — Resource Exposure in Cisco | cvebase