What is CVE-2021-34770?

CVE-2021-34770 is a critical-severity vulnerability in Cisco Ios Xe Software, classified under Heap-based Buffer Overflow. CVSS score: 10.0/10. Published 2021-09-23.

How severe is CVE-2021-34770?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Buffer overflow in Cisco Ios Xe Software

CVE-2021-34770

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute…

Vulnerability class: Buffer Overflow

EPSS: 0.010 (77.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Cisco Ios Xe Software — versions n/a

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

20210922 Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2021-34770?: CVE-2021-34770 is a critical-severity vulnerability in Cisco Ios Xe Software, classified under Heap-based Buffer Overflow. CVSS score: 10.0/10. Published 2021-09-23.
How severe is CVE-2021-34770?: Critical severity. CVSS v3 base score is 10.0 out of 10.