CVE-2021-1244

Name of the Vulnerable Software and Affected Versions: Cisco Network Convergence System (NCS) 540 Series Routers versions running Cisco IOS XR NCS540L software images Cisco IOS XR Software for the Cisco 8000 Series Routers (affected versions not specified)

Description: The issue is related to errors in cryptographic signature verification in the Cisco IOS XR operating system image verification function for the Network Convergence System 540 Series and Cisco 8000 Series routers. This could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device.

Recommendations: For Cisco Network Convergence System (NCS) 540 Series Routers running Cisco IOS XR NCS540L software images, update to a version that includes the software updates released by Cisco to address these vulnerabilities. For Cisco IOS XR Software for the Cisco 8000 Series Routers, update to a version that includes the software updates released by Cisco to address these vulnerabilities. As a temporary workaround, consider restricting access to the boot process to minimize the risk of exploitation.