Main Vulnerability Database SB2021092312

SB2021092312 - Security features bypass in Cisco IOS and IOS XE Software

Published: September 23, 2021

Security Bulletin ID SB2021092312

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security features bypass (CVE-ID: CVE-2021-34705)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces in the Voice Telephony Service Provider (VTSP) service. A remote attacker can send a specially crafted dial string and conduct toll fraud, resulting in unexpected financial impact to affected customers.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv