Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
CVE-2021-34727

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco iOS Xe Sd-wan Software
Vendor: CVE Published:; 23 September 2021

Badges

👾 Exploit Exists

Summary

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition.

Affected Version(s)

Cisco IOS XE SD-WAN Software

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Sep 23, 2021
Vulnerability Reserved
Jun 15, 2021