
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN452
_____________________________________________________________________

DATE                : 09/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco IOS XR,
        Systems running Cisco BroadWorks CommPilot Application Software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrbgp-rpki-dos-gvmjqxbk
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-infodisc-CjLdGMc5
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-pjPVReLU
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-QN9mCzwn
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-September-08.

The following PSIRT security advisories (4 High, 6 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco IOS XR Software IP Service Level Agreements and Two-Way Active
Measurement Protocol Denial of Service Vulnerability - SIR: High

2) Cisco IOS XR Software Arbitrary File Read and Write Vulnerability -
SIR: High

3) Cisco IOS XR Software Authenticated User Privilege Escalation
Vulnerabilities - SIR: High

4) Cisco IOS XR Software for ASR 9000 Series Routers Denial of Service
Vulnerability - SIR: High

5) Cisco BroadWorks CommPilot Application Software Vulnerabilities -
SIR: Medium

6) Cisco IOS XR Software Command Injection Vulnerabilities - SIR: Medium

7) Cisco IOS XR Software Border Gateway Protocol Resource Public Key
Infrastructure Denial of Service Vulnerability - SIR: Medium

8) Cisco IOS XR Software Unauthorized Information Disclosure
Vulnerability - SIR: Medium

9) Cisco IOS XR Software DHCP Version 4 Server Denial of Service
Vulnerability - SIR: Medium

10) Cisco IOS XR Software for Cisco 8000 and Network Convergence System
540 Series Routers Image Verification Vulnerabilities - SIR: Medium

+--------------------------------------------------------------------

1) Cisco IOS XR Software IP Service Level Agreements and Two-Way Active
Measurement Protocol Denial of Service Vulnerability

CVE-2021-34720

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP

+--------------------------------------------------------------------

2) Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

CVE-2021-34718

SIR: High

CVSS Score v(3.1): 8.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2

+--------------------------------------------------------------------

3) Cisco IOS XR Software Authenticated User Privilege Escalation
Vulnerabilities

CVE-2021-34719, CVE-2021-34728

SIR: High

CVSS Score v(3.1): 7.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf

+--------------------------------------------------------------------

4) Cisco IOS XR Software for ASR 9000 Series Routers Denial of Service
Vulnerability

CVE-2021-34713

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD

+--------------------------------------------------------------------

5) Cisco BroadWorks CommPilot Application Software Vulnerabilities

CVE-2021-34785, CVE-2021-34786

SIR: Medium

CVSS Score v(3.1): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N

+--------------------------------------------------------------------

6) Cisco IOS XR Software Command Injection Vulnerabilities

CVE-2021-34721, CVE-2021-34722

SIR: Medium

CVSS Score v(3.1): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc

+--------------------------------------------------------------------

7) Cisco IOS XR Software Border Gateway Protocol Resource Public Key
Infrastructure Denial of Service Vulnerability

CVE-2021-1440

SIR: Medium

CVSS Score v(3.1): 6.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrbgp-rpki-dos-gvmjqxbk

+--------------------------------------------------------------------

8) Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability

CVE-2021-34771

SIR: Medium

CVSS Score v(3.1): 5.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-infodisc-CjLdGMc5

+--------------------------------------------------------------------

9) Cisco IOS XR Software DHCP Version 4 Server Denial of Service
Vulnerability

CVE-2021-34737

SIR: Medium

CVSS Score v(3.1): 5.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-pjPVReLU

+--------------------------------------------------------------------

10) Cisco IOS XR Software for Cisco 8000 and Network Convergence System
540 Series Routers Image Verification Vulnerabilities

CVE-2021-34708, CVE-2021-34709

SIR: Medium

CVSS Score v(3.1): 6.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-QN9mCzwn


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================





