What is CVE-2021-34725?

CVE-2021-34725 is a medium-severity vulnerability in Cisco 1000_integrated_services_router, classified under Command Injection. CVSS score: 6.7/10. Published 2021-09-23.

How severe is CVE-2021-34725?

Medium severity. CVSS v3 base score is 6.7 out of 10.

RCE in Cisco 1000_integrated_services_router

CVE-2021-34725

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (26.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco 1000_integrated_services_router
Cisco 1100-4g\/6g_integrated_services_router
Cisco 1100-4p_integrated_services_router
Cisco 1100-8p_integrated_services_router
Cisco 1100_integrated_services_router
Cisco 1101-4p_integrated_services_router
Cisco 1101_integrated_services_router
Cisco 1109-2p_integrated_services_router
Cisco 1109-4p_integrated_services_router
Cisco 1109_integrated_services_router

Weakness classification (CWE)

CWE-77 — Command Injection
CWE-78 — OS Command Injection

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2021-34725?: CVE-2021-34725 is a medium-severity vulnerability in Cisco 1000_integrated_services_router, classified under Command Injection. CVSS score: 6.7/10. Published 2021-09-23.
How severe is CVE-2021-34725?: Medium severity. CVSS v3 base score is 6.7 out of 10.