CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 0CVE-2021-34728 – Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34728
09 Sep 2021 — Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado con una cuenta de bajo privilegio elevar los privilegios en un dispositivo afectado. Para conseguir más información sobre estas ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 59EXPL: 0CVE-2021-34722 – Cisco IOS XR Software Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34722
09 Sep 2021 — Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado conseguir acceso al shell root subyacente de un dispositivo afectado y ejecutar comando... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.9EPSS: 0%CPEs: 59EXPL: 0CVE-2021-34721 – Cisco IOS XR Software Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34721
09 Sep 2021 — Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado conseguir acceso al shell root subyacente de un dispositivo afectado y ejecutar comando... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 0CVE-2021-34719 – Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34719
09 Sep 2021 — Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado con una cuenta de bajo privilegio elevar los privilegios en un dispositivo afectado. Para conseguir más información sobre estas ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.5EPSS: 1%CPEs: 51EXPL: 0CVE-2021-34718 – Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-34718
09 Sep 2021 — A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attack... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.9EPSS: 0%CPEs: 25EXPL: 0CVE-2021-34709 – Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34709
09 Sep 2021 — Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en las comprobaciones de verificación de imágenes de los r... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-QN9mCzwn • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0CVE-2021-34708 – Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34708
09 Sep 2021 — Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en las comprobaciones de verificación de imágenes de los rout... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-QN9mCzwn • CWE-347: Improper Verification of Cryptographic Signature •