Cisco released security updates to address multiple high-severity vulnerabilities in the IOS XR software that can be exploited to conduct malicious activities, such as rebooting devices and elevating privileges.
The most severe of these vulnerabilities is a DoS issue tracked as CVE-2021-34720 (CVSS score 8.6). A remote, unauthenticated attacker can exploit this bug to exhaust the device packet memory and trigger a DoS condition.
The flaw resides in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) implemented in the Cisco IOS XR Software. An attacker can trigger the flaw by sending specific IP SLA or TWAMP packets to an affected device.
“A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition.” reads the advisory. “This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.”
Another severe bug addressed by Cisco is an IOS XR Software Arbitrary File Read and Write vulnerability tracked as CVE-2021-34718 (CVSS 8.1). The flaw resides in the SSH Server process of Cisco IOS XR Software and can allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device.
“This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.” reads the advisory.
Cisco also patched two other high-severity privilege escalation bugs, tracked as CVE-2021-34719 and CVE-2021-34728 respectively, and a denial of service issue tracked as CVE-2021-34713 that impacts the ASR 9000 router family.
The IT giant also fixed seven medium-severity flaws in IOS XR software.
Cisco is not aware of attacks in the wild exploiting the above issues.
US CISA also published an advisory urging organizations to apply the security patches as soon as possible.
(SecurityAffairs – hacking, Cisco IOS XR)