What is CVE-2021-34724?

CVE-2021-34724 is a medium-severity vulnerability in Cisco 1000_integrated_services_router, classified under Improper Access Control. CVSS score: 6.0/10. Published 2021-09-23.

How severe is CVE-2021-34724?

Medium severity. CVSS v3 base score is 6.0 out of 10.

Vulnerability in Cisco 1000_integrated_services_router

CVE-2021-34724

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on…

EPSS: 0.003 (16.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco 1000_integrated_services_router
Cisco 1100-4g\/6g_integrated_services_router
Cisco 1100-4p_integrated_services_router
Cisco 1100-8p_integrated_services_router
Cisco 1100_integrated_services_router
Cisco 1101-4p_integrated_services_router
Cisco 1101_integrated_services_router
Cisco 1109-2p_integrated_services_router
Cisco 1109-4p_integrated_services_router
Cisco 1109_integrated_services_router

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2021-34724?: CVE-2021-34724 is a medium-severity vulnerability in Cisco 1000_integrated_services_router, classified under Improper Access Control. CVSS score: 6.0/10. Published 2021-09-23.
How severe is CVE-2021-34724?: Medium severity. CVSS v3 base score is 6.0 out of 10.