
Cisco has released security updates to address high-severity vulnerabilities in the IOS XR software that can be exploited in the wild.
The most severe of these vulnerabilities is a DoS issue tracked as CVE-2021-34720 (CVSS score 8.6). A remote, unauthenticated attacker can exploit this bug to exhaust the device packet memory and trigger a DoS condition.
The flaw resides in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) implemented in the Cisco IOS XR Software. An attacker can trigger the flaw by sending specific IP SLA or TWAMP packets to an affected device.
This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.
Another severe bug addressed by Cisco is an IOS XR Software Arbitrary File Read and Write vulnerability tracked as CVE-2021-34718 (CVSS 8.1). The flaw resides in the SSH Server process of Cisco IOS XR Software and can allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device.
This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with low-level privileges could exploit this vulnerability by specifying Secure Copy Protocol parameters when authenticating to a device. An exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
Cisco also patched two other high-severity privilege escalation bugs, tracked as CVE-2021-34719 and CVE-2021-34728 respectively, and a denial-of-service issue tracked as CVE-2021-34713 that impacts the ASR 9000 router family.