Between 25 August and 8 September 2021, CISCO released security updates addressing multiple vulnerabilities in its products and third-party components. We recommend applying the latest updates in a timely manner.
Two of the Cisco advisories address critical vulnerabilities:
CVE-2021-34746 is an authentication bypass vulnerability affecting Cisco Enterprise Cisco Network Functions Virtualization Infrastructure Software (NFVIS) Release 4.5.1, if the TACACS external authentication method is configured. TACACS+ authentication is an authorization and accounting (AAA) feature of Cisco Enterprise NFV. The flaw could allow an unauthenticated, remote threat actor to bypass authentication and log in to an affected device as an administrator. CVSS v3.1 Base Score: 9.8.
CVE-2021-1577 is a vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC). It could allow an unauthenticated, remote threat actor to read or write arbitrary files on an affected system. This vulnerability is caused by improper access controls. CVSS v3.1 Base Score: 9.1.
Cisco products have also been affected by OpenSSL vulnerabilities that were fixed in March 2021. Cisco released updates in September 2021 fixing these OpenSSL vulnerabilities in its products.
The issues are tracked as CVE-2021-3449 and CVE-2021-3450 and were assigned a CVSS v3.1 Base Score of 7.4. A threat actor could use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition on a vulnerable system.
The IOS XR software received the largest amount of updates fixing vulnerabilities ranging from medium to high severity.
CVE-2021-34720 could be exploited remotely without authentication to exhaust device packet memory, leading to a denial of service (DoS). CVSS v3.1 Base Score: 8.6.
CVE-2021-34718 in the SSH Server process of IOS XR that could be exploited by a remote attacker to overwrite and read arbitrary files. The exploitation of this bug requires authentication. CVSS v3.1 Base Score: 8.1
We recommend reviewing the Cisco advisories and applying the latest updates to mitigate the risk.