PT-2021-4048 · Cisco · Cisco IOS XR

Published 2021-09-08 · Updated 2023-09-25 · CVE-2021-34718

CVSS v2.0: 8.5 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Cisco IOS XR Software (affected versions not specified)

Description

A vulnerability in the SSH Server process could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This issue is due to insufficient input validation of arguments supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device, potentially elevating their privileges and accessing files they should not have access to.

Recommendations

For Cisco IOS XR Software, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. As a temporary workaround, consider restricting access to the Secure Copy Protocol (SCP) parameters to minimize the risk of exploitation. Avoid using the SCP file transfer method until the issue is resolved.

Fix

Argument Injection

Weakness Enumeration

Related Identifiers

BDU:2021-04576
CVE-2021-34718

Affected Products

Cisco IOS XR