Rewterz Threat Advisory – CVE-2021-3715 – Linux Kernel Privilege Escalation
September 9, 2021Rewterz Threat Advisory – Multiple Mozilla Firefox Security Vulnerabilities
September 9, 2021Rewterz Threat Advisory – CVE-2021-3715 – Linux Kernel Privilege Escalation
September 9, 2021Rewterz Threat Advisory – Multiple Mozilla Firefox Security Vulnerabilities
September 9, 2021Severity
Medium
Analysis Summary
CVE-2021-617
Cisco IOS XR Software is vulnerable to a denial of service, caused by improper handling of a specific RPKI to Router (RTR) Protocol packet header. By sending a specially-crafted RTR packet, a remote attacker could exploit this vulnerability to cause the BGP process to constantly restart, and results in a denial of service condition.
CVE-2021-34722
Cisco IOS XR Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by input validation of command arguments. By submitting specially-crafted arguments using CLI commands, an attacker could exploit this vulnerability to execute arbitrary commands as root on the underlying root shell.
CVE-2021-34721
Cisco IOS XR Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by input validation of commands supplied by a user. By submitting specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary commands as root on the underlying root shell.
CVE-2021-34771
Cisco IOS XR Software could allow a local authenticated attacker to obtain sensitive information, caused by insufficient application of restrictions during the execution of a specific command. By executing a specially-crafted command, an attacker could exploit this vulnerability to view sensitive configuration information, and use this information to launch further attacks against the affected system.
CVE-2021-34737
Cisco IOS XR Software is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when validating certain DHCPv4 messages. By sending a specially-crafted DHCPv4 message, a remote attacker could exploit this vulnerability to cause the the dhcpd process to crash.
Impact
- Command Injection
- Denial of Service
- Unauthorized Access
Affected Vendors
Cisco
Affected Products
- Cisco IOS XR Software 7.3
- Cisco IOS XR Software 7.1.1
- Cisco Network Convergence System (NCS) 540 Series Routers
- Cisco ASR 9000 Series Aggregation Services Routers
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.
For CVE-2021-617
For CVE-2021-34722
For CVE-2021-34721
For CVE-2021-34771
For CVE-2021-34737