#VU56841 Security features bypass in Cisco IOS and Cisco IOS XE - CVE-2021-34705
Published: September 23, 2021
Vulnerability identifier: #VU56841
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-34705
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS
Cisco IOS XE
Cisco IOS
Cisco IOS XE
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces in the Voice Telephony Service Provider (VTSP) service. A remote attacker can send a specially crafted dial string and conduct toll fraud, resulting in unexpected financial impact to affected customers.
Remediation
Install updates from vendor's website.