December 11, 2023

Cisco announced the availability of patches for a series of critical vulnerabilities in IOS XE software that could be exploited to execute arbitrary code remotely, cause denial of service, or manipulate device configuration.

The most severe of these issues is CVE-2021-34770 (CVSS score of 10), which could lead to RCE without authentication, with administrator privileges.

Residing in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of IOS XE software for Catalyst 9000 wireless controllers, the bug can also be exploited to cause a DoS condition.

The security hole affects Catalyst 9300, 9400, and 9500 series switches, Catalyst 9800 and 9800-CL wireless controllers, and embedded wireless controllers on catalyst access points.

Next issue is buffer overflow in IOS XE SD-WAN, which could be exploited by an unauthenticated, remote attacker to execute arbitrary commands with root privileges or cause a denial of service condition.

Tracked as CVE-2021-34727 9.8 CVSS, the vulnerability exists due to insufficient bounds checking during the processing of traffic. Affected products include 1000 and 4000 series integrated services routers (ISRs), 1000 series aggregation services routers (ASR), and cloud services router 1000V series.

The third vulnerability Cisco patched in IOS XE this week is CVE-2021-1619 (CVSS 9.8), which resides in the authentication, authorization, and accounting (AAA) function of the platform.

Due to an uninitialized variable, the bug allows for an unauthenticated, remote attacker to send NETCONF or RESTCONF requests to bypass authentication and manipulate the configuration of the device or cause denial of service.

The patches were released as part of Cisco’s September 2021 bundle of security advisories for IOS and IOS XE software, which consists of a total of 25 advisories describing 27 vulnerabilities in these platforms, including 13 high-severity and 11 medium-severity flaws.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.