SB2021020503 - Security restrictions bypass in SNMP Management Plane in Cisco IOS XR
Published: February 5, 2021
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2021-1243)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the Local Packet Transport Services (LPTS) programming of SNMP with the management plane protection feature of Cisco IOS XR Software. A remote non-authenticated attacker can bypass the implemented security restrictions and connect to the SNMP server despite the management plane protection.
Remediation
Install the update from the vendor's website.