CVE-2021-1619 vulnerability in Cisco Products
Published on September 23, 2021
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following:
- Install, manipulate, or delete the configuration of an affected device
- Cause memory corruption that results in a denial of service (DoS) on an affected device
This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device, or to corrupt memory on the device, resulting in a DoS.
Vulnerability Analysis
CVE-2021-1619 can be exploited with network access and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical, as this vulnerability has a high impact on the confidentiality, integrity, and availability of this component.
Weakness Type
Access of Uninitialized Pointer
The program accesses or uses a pointer that has not been initialized.
Products Associated with CVE-2021-1619
Affected Versions
Cisco IOS XE Software Version n/a is affected by CVE-2021-1619
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.