
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN502
_____________________________________________________________________

DATE                : 23/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco IOS XE, Cisco IOS, Cisco IOS XR,
                     Cisco FXOS, Cisco NX-OS, Cisco UCS Software,
                     Cisco Embedded Wireless Controller Software for
                     Catalyst Access Points, Cisco Access Points software,
                     Cisco Aironet Access Points software,
                     Cisco SD-WAN Software, Cisco SD-WAN vManage Software,
                     Cisco ASR 900 and ASR 920 Series software.

=====================================================================
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities
_____________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-September-22.

The following PSIRT security advisories (3 Critical, 13 High, 15 Medium)
were published at 16:00 UTC today.

Table of Contents:

1) Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers
CAPWAP Remote Code Execution Vulnerability - SIR: Critical

2) Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability - SIR:
Critical

3) Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass
Vulnerability - SIR: Critical

4) Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers
CAPWAP Denial of Service Vulnerabilities - SIR: High

5) Cisco IOS XE Software Rate Limiting Network Address Translation
Denial of Service Vulnerability - SIR: High

6) Cisco Embedded Wireless Controller Software for Catalyst Access
Points Denial of Service Vulnerability - SIR: High

7) Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers
EoGRE Denial of Service Vulnerability - SIR: High

8) Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers
Common Open Policy Service Denial of Service Vulnerability - SIR: High

9) Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service
Vulnerability - SIR: High

10) Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of
Service Vulnerability - SIR: High

11) Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers
Simple Network Management Protocol Denial of Service Vulnerability -
SIR: High

12) Cisco Access Points SSH Management Privilege Escalation
Vulnerability - SIR: High

13) Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak
Denial of Service Vulnerability - SIR: High

14) Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers
IPv6 Denial of Service Vulnerability - SIR: High

15) Cisco IOS XE Software Interface Queue Wedge Denial of Service
Vulnerability - SIR: High

16) Cisco IOS and IOS XE Software FXO Interface Destination Pattern
Bypass Vulnerability - SIR: High

17) Cisco IOS XE SD-WAN Software Command Injection Vulnerability - SIR:
Medium

18) Multiple Cisco Operating Systems Unidirectional Link Detection
Denial of Service Vulnerability - SIR: Medium

19) Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial
of Service Vulnerability - SIR: Medium

20) Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
- SIR: Medium

21) Cisco SD-WAN Software Command Injection Vulnerability - SIR: Medium

22) Cisco IOS XE SD-WAN Software Command Injection Vulnerability - SIR:
Medium

23) Cisco SD-WAN vManage Software Disaster Recovery Feature Password
Exposure Vulnerability - SIR: Medium

24) Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability -
SIR: Medium

25) Cisco IOS XE Software Zone-Based Policy Firewall ICMP and UDP
Inspection Vulnerability - SIR: Medium

26) Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
- SIR: Medium

27) Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access
Control List Bypass Vulnerability - SIR: Medium

28) Cisco IOS XE Software Protection Against Distributed Denial of
Service Attacks Feature Vulnerability - SIR: Medium

29) Cisco SD-WAN Software Information Disclosure Vulnerability - SIR: Medium

30) Cisco SD-WAN vManage Software Cypher Query Language Injection
Vulnerability - SIR: Medium

31) Cisco IOS XE Software H.323 Application Level Gateway Bypass
Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers
CAPWAP Remote Code Execution Vulnerability

CVE-2021-34770

SIR: Critical

CVSS Score v(3.1): 10.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf

+--------------------------------------------------------------------

2) Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability

CVE-2021-34727

SIR: Critical

CVSS Score v(3.1): 9.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-rbuffover-vE2OB6tp

+--------------------------------------------------------------------

3) Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass
Vulnerability

CVE-2021-1619

SIR: Critical

CVSS Score v(3.1): 9.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaa-Yx47ZT8Q

+--------------------------------------------------------------------

4) Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers
CAPWAP Denial of Service Vulnerabilities

CVE-2021-1565, CVE-2021-34768, CVE-2021-34769

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-gmNjdKOY

+--------------------------------------------------------------------

5) Cisco IOS XE Software Rate Limiting Network Address Translation
Denial of Service Vulnerability

CVE-2021-1624

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ratenat-pYVLA7wM

+--------------------------------------------------------------------

6) Cisco Embedded Wireless Controller Software for Catalyst Access
Points Denial of Service Vulnerability

CVE-2021-1615

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT

+--------------------------------------------------------------------

7) Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers
EoGRE Denial of Service Vulnerability

CVE-2021-1611

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-gre-6u4ELzAT

+--------------------------------------------------------------------

8) Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers
Common Open Policy Service Denial of Service Vulnerability

CVE-2021-1622

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8-cops-Vc2ZsJSx

+--------------------------------------------------------------------

9) Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service
Vulnerability

CVE-2021-34699

SIR: High

CVSS Score v(3.1): 7.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2

+--------------------------------------------------------------------

10) Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of
Service Vulnerability

CVE-2021-1620

SIR: High

CVSS Score v(3.1): 7.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr

+--------------------------------------------------------------------

11) Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers
Simple Network Management Protocol Denial of Service Vulnerability

CVE-2021-1623

SIR: High

CVSS Score v(3.1): 7.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8snmp-zGjkZ9Fc

+--------------------------------------------------------------------

12) Cisco Access Points SSH Management Privilege Escalation Vulnerability

CVE-2021-1419

SIR: High

CVSS Score v(3.1): 7.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv

+--------------------------------------------------------------------

13) Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak
Denial of Service Vulnerability

CVE-2021-34740

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL

+--------------------------------------------------------------------

14) Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers
IPv6 Denial of Service Vulnerability

CVE-2021-34767

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-ipv6-dos-NMYeCnZv

+--------------------------------------------------------------------

15) Cisco IOS XE Software Interface Queue Wedge Denial of Service
Vulnerability

CVE-2021-1621

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-quewedge-69BsHUBW

+--------------------------------------------------------------------

16) Cisco IOS and IOS XE Software FXO Interface Destination Pattern
Bypass Vulnerability

CVE-2021-34705

SIR: High

CVSS Score v(3.1): 5.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv

+--------------------------------------------------------------------

17) Cisco IOS XE SD-WAN Software Command Injection Vulnerability

CVE-2021-34729

SIR: Medium

CVSS Score v(3.1): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxesdwan-clicmdinj-7bYX5k3

+--------------------------------------------------------------------

18) Multiple Cisco Operating Systems Unidirectional Link Detection
Denial of Service Vulnerability

CVE-2021-34714

SIR: Medium

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ

+--------------------------------------------------------------------

19) Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial
of Service Vulnerability

CVE-2021-34703

SIR: Medium

CVSS Score v(3.1): 6.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-dos-sBnuHSjT

+--------------------------------------------------------------------

20) Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability

CVE-2021-34723

SIR: Medium

CVSS Score v(3.1): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZn

+--------------------------------------------------------------------

21) Cisco SD-WAN Software Command Injection Vulnerability

CVE-2021-34726

SIR: Medium

CVSS Score v(3.0): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-cmdinjec-znUYTuC

+--------------------------------------------------------------------

22) Cisco IOS XE SD-WAN Software Command Injection Vulnerability

CVE-2021-34725

SIR: Medium

CVSS Score v(3.1): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-privesc-KSUg7QSS

+--------------------------------------------------------------------

23) Cisco SD-WAN vManage Software Disaster Recovery Feature Password
Exposure Vulnerability

CVE-2021-1589

SIR: Medium

CVSS Score v(3.1): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-credentials-ydYfskzZ

+--------------------------------------------------------------------

24) Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability

CVE-2021-34724

SIR: Medium

CVSS Score v(3.1): 6.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-privesc-VP4FG3jD

+--------------------------------------------------------------------

25) Cisco IOS XE Software Zone-Based Policy Firewall ICMP and UDP
Inspection Vulnerability

CVE-2021-1625

SIR: Medium

CVSS Score v(3.1): 5.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-pP9jfzwL

+--------------------------------------------------------------------

26) Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability

CVE-2021-1612

SIR: Medium

CVSS Score v(3.1): 5.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-GjR5pGOm

+--------------------------------------------------------------------

27) Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access
Control List Bypass Vulnerability

CVE-2021-34696

SIR: Medium

CVSS Score v(3.1): 5.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr900acl-UeEyCxkv

+--------------------------------------------------------------------

28) Cisco IOS XE Software Protection Against Distributed Denial of
Service Attacks Feature Vulnerability

CVE-2021-34697

SIR: Medium

CVSS Score v(3.1): 5.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-tguGuYq

+--------------------------------------------------------------------

29) Cisco SD-WAN Software Information Disclosure Vulnerability

CVE-2021-1546

SIR: Medium

CVSS Score v(3.1): 5.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX

+--------------------------------------------------------------------

30) Cisco SD-WAN vManage Software Cypher Query Language Injection
Vulnerability

CVE-2021-34712

SIR: Medium

CVSS Score v(3.1): 5.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-jOsuRJCc

+--------------------------------------------------------------------

31) Cisco IOS XE Software H.323 Application Level Gateway Bypass
Vulnerability

CVE-2021-1616

SIR: Medium

CVSS Score v(3.1): 4.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-h323alg-bypass-4vy2MP2Q


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


