Home > Cloud Security > Three New Critical Flaws in Cisco’s IOS XE Software Patched

Three New Critical Flaws in Cisco’s IOS XE Software Patched

September 24, 2021
CIM Team

Cisco Systems has released fixes for three severe security flaws in its IOS XE network operating system. Remote attackers could have easily leveraged these flaws to run arbitrary code with administrator rights on affected devices, resulting in a denial-of-service (DoS) scenario.

The three flaws are:

CVE-2021-34770(CVSS score: 10.0)
CVE-2021-34727(CVSS score: 9.8)
CVE-2021-1619(CVSS score: 9.8)

Out of these three, CVE-2021-34770 is the most severe vulnerability. Cisco describes it as a “logic mistake” that happens during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets.

The company alerted that an attacker may take advantage of this flaw by delivering a specially designed CAPWAP packet to a vulnerable device. The attacker may leverage a successful exploit to run arbitrary code with administrator rights or force the vulnerable device to crash and reload, resulting in a DoS scenario.

In contrast, CVE-2021-34727 is about an inadequate bounds check while receiving incoming network traffic to the device. As a result, an attacker may send specially designed communication to the device, leading to arbitrary code execution with root privileges or a device restart. The flaw affects the SD-WAN capability on 1000 Series Integrated Services Routers (ISRs), 4000 Series ISRs, ASR 1000 Series Aggregation Services Routers, and Cloud Services Router 1000V Series.

The third one, CVE-2021-1619, is an “uninitialized variable” in Cisco IOS XE Software’s authentication, authorization, and accounting (AAA) function. It might allow a remote attacker who is authenticated to “install, modify, or remove the configuration of a network device or corrupt memory on the device, ending in a DoS.”

Cisco has also fixed 15 vulnerabilities with high severity and another 15 with medium-severity, impacting several IOS XE software components and the Cisco Access Points platform and Cisco SD-WAN vManage Software.

It is advised that users and administrators install the appropriate updates to reduce the possibility of bad actors exploiting the vulnerability.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Three New Critical Flaws in Cisco’s IOS XE Software Patched

About the author

CIM Team

Share:

Related ARTICLES

CaTEGORIES

Quick Nav

Three New Critical Flaws in Cisco’s IOS XE Software Patched

About the author

CIM Team

Share:

Related ARTICLES

Weekly Cyber Threat Report, May 22-26, 2023

Devastating DDoS Attacks Launched Against Gaming Industry by Dark Frost Botnet

Israeli Logistics Sector Attacked by Iranian Tortoiseshell Hackers

GoldenJackal: New Threat Gang Attacking South Asian And Middle Eastern Governments

CaTEGORIES

Quick Nav