Cisco Security Advisory - Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

Started by Netwörkheäd, April 02, 2022, 06:02:48 AM


Netwörkheäd

Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device.

This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2

This advisory is part of the September 2021 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2021 Cisco IOS XR Software Security Advisory Bundled Publication (https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74637).

Security Impact Rating: High
CVE: CVE-2021-34718
Source: Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
Let's not argue. Let's network!