CVE-2021-34771

MEDIUM

Cisco Ios XR < 7.3.2 - Information Disclosure

Title source: rule

Description

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-infodisc-CjLdGMc5

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 33.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-201 CWE-200

Status published

Affected Products (1)

cisco/ios_xr < 7.3.2

Timeline

Published Sep 09, 2021

Tracked Since Feb 18, 2026