Original Issue Date:September 10, 2021
Severity Rating: HIGH
Software Affected
Cisco IOS XR Software releases prior to Release 7.3.2 and Release 7.4.1.
Cisco IOS XR Software Release 6.4.0 or later.
Overview
Multiple Vulnerabilities have been reported in Cisco IOS XR Software which could allow an attacker to elevate privileges and cause denial of service condition on an affected device.
Description
1. Denial of Service vulnerability (CVE-2021-34713)
This vulnerability exists in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the networkprocessors unresponsive that could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line
cards are attached.
Successful exploitation of this vulnerability could allow the attacker to cause the affected line card to reboot.
2. Denial of service vulnerability (CVE-2021-34720)
This Vulnerability exists in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software due to socket creation failures are mishandled during the IP SLA and TWAMP processes that could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device.
Successful exploitation of this vulnerability could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.
3. Privilege escalation vulnerability (CVE-2021-34718)
This Vulnerability exists in the SSH Server process of Cisco IOS XR Software due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method that could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. An attacker could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device.
Successful exploitation of this vulnerability could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
4. Privilege escalation vulnerability (CVE-2021-34719 CVE-2021-34728)
This Vulnerability exists in the CLI of Cisco IOS XR Software due to insufficient input validation of commands that are supplied by a user that could allow an authenticated, local attacker to elevate privileges on an affected device. An attacker could exploit this vulnerability by using crafting command on the device.
Successful exploitation of this vulnerability could allow the attacker to elevate privileges to root.
Solution
Apply appropriate updates as mentioned in:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP
Disclaimer
The information provided herein is on “as is” basis, without warranty of any kind.