
Three new critical flaws in Cisco's IOS XE software have been patched.


Posted On Sep 24, 2021


Cisco Systems has released updates for three significant security flaws in its IOS XE network operating system, which remote attackers could exploit to run arbitrary code with administrative rights and cause a denial-of-service (DoS) condition on susceptible devices.

The following is a list of three flaws:

• CVE-2021-34770 (CVSS score: 10.0) - CAPWAP Remote Code Execution Vulnerability in Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers

• CVE-2021-34727 (CVSS score: 9.8) - Software Buffer Overflow Vulnerability in Cisco IOS XE SD-WAN

• CVE-2021-1619 (CVSS score: 9.8) - Vulnerability in Cisco IOS XE Software NETCONF and RESTCONF Authentication

CVE-2021-34770 is the most serious of the vulnerabilities. Cisco describes it as a "logic mistake" that happens during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets, the protocol that allows a central wireless controller to control a set of wireless access points.

"An attacker might exploit this issue by transmitting a crafted CAPWAP packet to an affected device," the company warned in its notice. "A successful exploit might allow an attacker to run arbitrary code with administrator privileges or cause the compromised device to crash and restart, resulting in a DoS problem."


CVE-2021-34727, on the other hand, concerns an improper bounds check while receiving incoming network traffic to the device, allowing an attacker to send specially-crafted traffic that might cause the device to reload or execute arbitrary code with root-level privileges.

The problem affects the SD-WAN feature on 1000 Series Integrated Services Routers (ISRs), 4000 Series ISRs, ASR 1000 Series Aggregation Services Routers, and Cloud Services Router 1000V Series.

Finally, CVE-2021-1619 is a vulnerability in Cisco IOS XE Software's authentication, authorization, and accounting (AAA) function that allows an authenticated, remote adversary to "install, manipulate, or delete the configuration of a network device or corrupt memory on the device, resulting in a DoS."


