CVE-2021-34699 vulnerability in Cisco Products
Published on September 23, 2021
Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
Vulnerability Analysis
CVE-2021-34699 can be exploited with network access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
What is an Interaction Error Vulnerability?
An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses. When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.
CVE-2021-34699 has been classified as an Interaction Error vulnerability or weakness.
Products Associated with CVE-2021-34699
Affected Versions
Cisco IOS Version n/a is affected by CVE-2021-34699
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.