CVE-2021-34696

Published Sep 23, 2021

Last updated a year ago

CVSS medium 5.8

Overview

Description: A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.8
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other
ykramarz@cisco.com: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63658947-333C-4689-A50C-9EA874B8FB4A",
            "versionEndIncluding": "17.3.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asr_902:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "70352B04-C3FD-47F5-A2F8-691CF63EB50D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_903:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "51938C0A-AFDB-4B12-BB64-9C67FC0C738F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_907:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A18E4A46-10D3-48F8-9E92-377ACA447257"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-10sz-pd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DBE110B5-CC6E-4103-9983-4195BCC28165"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-10sz-pd_r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B97DDC45-ABD1-4C8F-A249-0865345637A4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-12cz-a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3FE4D129-435B-45DD-838D-4017BD94DF93"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-12cz-a_r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "456C68A8-F3C8-4302-B55A-134979B42045"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-12cz-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "870D5B63-A1D5-442A-B2B9-9E522E5DB08F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-12cz-d_r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "17C6733C-F77B-4688-B051-C1557F4D8D41"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-12sz-im:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2BD45D77-4097-4AFB-98DF-5B8188316C20"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-12sz-im_r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "489F97AB-5C6D-4AFE-BE5A-ABF7F9ED8B66"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-24sz-im:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "064DB97B-9E52-45BC-9F43-8FCB5570FC7D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-24sz-im_r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "31608C12-FBED-4EAD-96EC-48BC4B356B77"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-24sz-m:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D989205A-0576-415C-935E-E83AD42FD1CB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-24sz-m_r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6D21D9A5-DE8F-4C55-B03F-35C04C270A40"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-24tz-m:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "78C3EB40-574A-48F7-A679-90F62ED976B5"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-24tz-m_r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B6CC6206-DF19-4636-84C2-8912E443D122"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-4sz-a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "85489F69-EAF0-4971-8C93-36838A8AA00E"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-4sz-a_r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BE95FEC1-12F3-44FC-B922-CD18CADB42FE"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-4sz-d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2D029B0C-2DAE-491A-90B4-79C093EC9E48"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920-4sz-d_r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BE37BC85-7758-4412-A5E6-0F1A19E8776B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_920u-12sz-im:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BA179D79-07E7-4721-85BB-0C740B516B1F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References