CVE-2021-34771
MEDIUMCisco IOS XR < 7.3.2 - Authenticated Information Disclosure via CLI Command
Title source: llmDescription
A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-infodisc-CjLdGMc5
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
31.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-201
CWE-200
Status
published
Products (1)
cisco/ios_xr
< 7.3.2
Published
Sep 09, 2021
Tracked Since
Feb 18, 2026