#VU56429 Improper Neutralization of Argument Delimiters in a Command in Cisco Systems, Inc products - CVE-2021-34718

Cybersecurity Help s.r.o.

Published: 2021-09-09

Vulnerability identifier: #VU56429

Vulnerability risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-34718

CWE-ID: CWE-88

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco IOS XR
Operating systems & Components / Operating system
ASR9K-PX
Hardware solutions / Firmware
IOSXRWBD
Hardware solutions / Firmware
NCS5500
Hardware solutions / Firmware
CRS-PX
Hardware solutions / Firmware
XRV9K
Hardware solutions / Firmware
NCS560
Hardware solutions / Firmware

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to overwrite and read arbitrary files.

The vulnerability exists due to improper input validation in the SSH Server process. A remote authenticated attacker can specify Secure Copy Protocol (SCP) parameters when authenticating to a device and retrieve and upload files on a target device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco IOS XR: 6.2.3, 6.5.3, 6.6.3 - 6.6.25, 6.7.3 - 6.7.4, 7.1.2, 7.2.1 - 7.2.2

ASR9K-PX: All versions

IOSXRWBD: All versions

NCS5500: All versions

CRS-PX: All versions

XRV9K: All versions

NCS560: All versions

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Neutralization of Argument Delimiters in a Command in Cisco IOS XR Software