CVE-2021-34722

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software (affected versions not specified)

Description The issue exists due to the lack of neutralization of special elements used in the operating system command. This could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges.

Recommendations For all affected versions, update to the latest software version that addresses these vulnerabilities, as released by Cisco. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but Cisco has released software updates that address these vulnerabilities. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.