PT-2021-4319 · Cisco · Cisco IOS XE
Published
2021-09-22
·
Updated
2022-07-08
·
CVE-2021-1619
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco IOS XE Software (affected versions not specified on this page; see the Cisco security advisory for the exact release list)
Description
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication. A successful exploit could let the attacker use NETCONF or RESTCONF to install, manipulate, or delete the configuration of an affected device, or cause memory corruption that results in a denial of service (DoS). The vulnerability is due to an uninitialized variable. An attacker could exploit it by sending a series of NETCONF or RESTCONF requests to an affected device; no credentials are required, only network reachability to the NETCONF (SSH) or RESTCONF (HTTPS) service.
Recommendations
Update to a Cisco IOS XE Software release that addresses this vulnerability, as listed in the Cisco security advisory. This is the only complete remediation.
As a temporary workaround until the update can be applied, disable NETCONF and RESTCONF if they are not required.
If either interface must stay enabled, restrict access to the NETCONF and RESTCONF listeners (and to the device management plane generally) to trusted management hosts, so that untrusted networks cannot reach the vulnerable AAA code path at all.
Check the Cisco security advisory for any additional mitigations it lists.
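The following is an added example, not code from this page or from Cisco: a small audit that reads an IOS XE running-config, reports whether the NETCONF-YANG (SSH, TCP/830) and RESTCONF (HTTPS) services are reachable, and builds the configure-mode lines for the two mitigations above, first disabling the services outright and, where one has to stay up, binding a management access list to its listener. The two config excerpts are constructed for the example, the ACL name MGMT-ONLY is an assumed placeholder that the operator must define separately, and the `netconf-yang ssh ipv4 access-list name` and `ip http access-class ipv4` binding commands are the IOS XE 16.x/17.x syntax and should be checked against the release in use.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed running-config excerpts (not captured from a real device).
# EXPOSED_CONFIG has both programmatic interfaces on and no management ACL;
# HARDENED_CONFIG is the same box after the "disable" workaround is applied.
EXPOSED_CONFIG = """\
version 17.3
aaa new-model
aaa authentication login default local
!
ip http server
ip http secure-server
!
netconf-yang
restconf
!
line vty 0 4
 transport input ssh
end
"""

HARDENED_CONFIG = """\
version 17.3
aaa new-model
aaa authentication login default local
!
no ip http server
no ip http secure-server
!
line vty 0 4
 transport input ssh
end
"""

# ACL binding lines as IOS XE prints them in the running-config.
NETCONF_ACL_RE = re.compile(r"^netconf-yang ssh ipv4 access-list name (\S+)$")
HTTP_ACL_RE = re.compile(r"^ip http access-class ipv4 (\S+)$")


@dataclass
class Audit:
    netconf_enabled: bool = False
    restconf_enabled: bool = False      # 'restconf' line present
    https_enabled: bool = False         # RESTCONF is only reachable over the HTTPS server
    netconf_acl: Optional[str] = None   # ACL bound to the NETCONF SSH listener, if any
    http_acl: Optional[str] = None      # ACL bound to the HTTP(S) server, if any
    exposed: List[str] = field(default_factory=list)
    disable: List[str] = field(default_factory=list)   # workaround 1: turn the service off
    restrict: List[str] = field(default_factory=list)  # workaround 2: fence it with an ACL


def audit_config(config: str, mgmt_acl: str = "MGMT-ONLY") -> Audit:
    """Flag NETCONF/RESTCONF exposure in an IOS XE running-config and build the
    'configure terminal' lines for the interim mitigations. mgmt_acl is an
    assumed, hypothetical ACL name that the operator must create first."""
    lines = [ln.strip() for ln in config.splitlines()]
    a = Audit(
        netconf_enabled="netconf-yang" in lines,
        restconf_enabled="restconf" in lines,
        https_enabled="ip http secure-server" in lines,
    )
    for ln in lines:
        m = NETCONF_ACL_RE.match(ln)
        if m:
            a.netconf_acl = m.group(1)
        m = HTTP_ACL_RE.match(ln)
        if m:
            a.http_acl = m.group(1)

    if a.netconf_enabled:
        a.exposed.append("NETCONF-YANG (SSH, TCP/830)")
        a.disable.append("no netconf-yang")
        if a.netconf_acl is None:
            a.restrict.append(f"netconf-yang ssh ipv4 access-list name {mgmt_acl}")
    # 'restconf' without the HTTPS server is configured but not reachable.
    if a.restconf_enabled and a.https_enabled:
        a.exposed.append("RESTCONF (HTTPS)")
        a.disable.append("no restconf")
        if a.http_acl is None:
            a.restrict.append(f"ip http access-class ipv4 {mgmt_acl}")
    return a


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_config(cfg)
        print(f"{name}: exposed={result.exposed}")
        print("  disable :", result.disable)
        print("  restrict:", result.restrict)
```

The `restrict` list is only a stopgap for an interface that must stay up: an ACL keeps untrusted sources away from the unauthenticated code path but does nothing for an attacker already inside the management network, so the fixed release is still required.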
Fix
DoS
Access of Uninitialized Pointer (CWE-824)
Use of Uninitialized Resource (CWE-908)
Affected Products
Cisco IOS XE