SB2021092303 - Improper access control in Cisco ASR 900 and ASR 920 Series Aggregation Services Routers

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021092303

SB2021092303 - Improper access control in Cisco ASR 900 and ASR 920 Series Aggregation Services Routers

Published: September 23, 2021

Security Bulletin ID SB2021092303
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper access control (CVE-ID: CVE-2021-34696)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. A remote attacker can bypass an ACL on the affected device.


Remediation

Install update from vendor's website.

References