===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0388
Cisco IOS XR Software Vulnerabilities
4 February 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco IOS XR Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Unauthorised Access      -- Remote/Unauthenticated
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1313 CVE-2021-1288 CVE-2021-1268
                   CVE-2021-1243 CVE-2021-1128

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt

Comment: This bulletin contains four (4) Cisco Systems security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco IOS XR Software Enf Broker Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-iosxr-dos-WwDdghs2
First Published: 2021 February 3 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCuy67256 CSCuz39742
CVE Names:       CVE-2021-1288 CVE-2021-1313
CWEs:            CWE-399

Summary

  o Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

    For more information about these vulnerabilities, see the Details section of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2

Affected Products

  o Vulnerable Products

    These vulnerabilities affect Cisco devices if they are running an affected release of Cisco IOS XR Software.

    For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by these vulnerabilities.

    Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:

      * IOS Software
      * IOS XE Software
      * NX-OS Software

Details

  o The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability.

    Details about the vulnerabilities are as follows.

    CVE-2021-1288: Cisco IOS XR Software Enf Broker Denial of Service Vulnerability

    A vulnerability in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.

    The vulnerability is due to a logic error that occurs when an affected device processes Telnet protocol packets. An attacker could exploit this vulnerability by sending specific streams of packets to the affected device. A successful exploit could allow the attacker to cause the enf_broker process to crash, which could lead to system instability and the inability to process or forward traffic through the affected device.

    This vulnerability can be exploited using specific, crafted streams of packets over either IPv4 or IPv6.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    Bug ID(s): CSCuz39742
    CVE ID: CVE-2021-1288
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.6
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

    CVE-2021-1313: Cisco IOS XR Software Enf Broker Denial of Service Vulnerability

    A vulnerability in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.

    The vulnerability is due to improper resource allocation when an affected device processes either ICMP or Telnet protocol packets. An attacker could exploit this vulnerability by sending specific streams of packets to the affected device. A successful exploit could allow the attacker to cause the enf_broker process to leak system memory. Over time, this memory leak could cause the enf_broker process to crash, which could lead to system instability and the inability to process or forward traffic through the affected device.

    This vulnerability can be exploited using specific, crafted streams of packets over either IPv4 or IPv6.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    Bug ID(s): CSCuy67256
    CVE ID: CVE-2021-1313
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.6
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Indicators of Compromise

  o Exploitation of either of these vulnerabilities can result in a crash of the enf_broker process on an affected device.
    When a device has experienced a crash of the enf_broker process, the following messages may be seen in the system logs:

      %OS-SYSMGR-3-ERROR : enf_broker(1) (jid 209) exited, will be respawned with a delay (slow-restart)
      %OS-SYSMGR-3-ERROR : enf_broker(209) (fail count 28597) will be respawned in 120 seconds
      %OS-DUMPER-7-DUMP_REQUEST : Dump request for process pkg/bin/enf_broker
      %OS-DUMPER-7-DUMP_ATTRIBUTE : Dump request with attribute 200 for process pkg/bin/enf_broker

    These error messages indicate that the enf_broker process has crashed. However, the process may have crashed for a reason other than the exploitation of one of these vulnerabilities.

    Customers are advised to contact their support organization to review the error messages and determine whether the device has been compromised by an exploitation of one of these vulnerabilities.

Workarounds

  o There are no workarounds for these vulnerabilities. However, multiple mitigations are available.

    As a mitigation for CVE-2021-1288, customers can disable the Telnet protocol for incoming connections. Information on how to disable Telnet can be found in the Cisco Guide to Harden Cisco IOS XR Devices.

    Because CVE-2021-1313 can be exploited when processing a stream of either Telnet or ICMP protocol packets, the following steps for mitigation should be implemented together to ensure protection against the two attack vectors:

      * Disable the Telnet protocol for incoming connections.
      * Implement an access control entry (ACE) to an existing interface ACL or create a new ACL that denies ICMP traffic that is inbound to a specific interface. The following input is an example of how to create an IPv4 ACL and deny ICMP traffic:

          RP/0/0/CPU0:router(config)# ipv4 access-list <acl_name> deny icmp any any

    For information on how to perform both of these mitigations, see the Cisco Guide to Harden Cisco IOS XR Devices.
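    The enf_broker crash messages listed under Indicators of Compromise above can be searched for in collected syslog. The following Python sketch is an added example, not part of the Cisco or AusCERT text; the syslog prefixes and the unrelated bgp lines in the sample are constructed, and only the message bodies come from the advisory.

```python
import re

# Regexes derived from the message text quoted in the advisory. Matching starts
# at the "%FACILITY" tag, so the syslog prefix format does not matter.
PATTERNS = {
    "exit": re.compile(
        r"%OS-SYSMGR-3-ERROR\s*:\s*enf_broker\(\d+\)\s+\(jid (?P<jid>\d+)\) exited"),
    "respawn": re.compile(
        r"%OS-SYSMGR-3-ERROR\s*:\s*enf_broker\(\d+\)\s+\(fail count "
        r"(?P<fail_count>\d+)\) will be respawned in (?P<delay>\d+) seconds"),
    "dump": re.compile(
        r"%OS-DUMPER-7-DUMP_(?:REQUEST|ATTRIBUTE)\s*:.*pkg/bin/\s*enf_broker\b"),
}

# Constructed sample: the prefixes and the bgp lines are invented for this
# example; the enf_broker message bodies are the ones quoted in the advisory.
SAMPLE_LOG = """\
RP/0/RSP0/CPU0:Feb  3 09:59:58.010 : sysmgr[92]: %OS-SYSMGR-3-ERROR : bgp(1) (jid 1052) exited, will be respawned with a delay (slow-restart)
RP/0/RSP0/CPU0:Feb  3 10:00:01.101 : sysmgr[92]: %OS-SYSMGR-3-ERROR : enf_broker(1) (jid 209) exited, will be respawned with a delay (slow-restart)
RP/0/RSP0/CPU0:Feb  3 10:00:01.102 : sysmgr[92]: %OS-SYSMGR-3-ERROR : enf_broker(209) (fail count 28597) will be respawned in 120 seconds
RP/0/RSP0/CPU0:Feb  3 10:00:01.150 : dumper[61]: %OS-DUMPER-7-DUMP_REQUEST : Dump request for process pkg/bin/enf_broker
RP/0/RSP0/CPU0:Feb  3 10:00:01.151 : dumper[61]: %OS-DUMPER-7-DUMP_ATTRIBUTE : Dump request with attribute 200 for process pkg/bin/enf_broker
RP/0/RSP0/CPU0:Feb  3 10:00:02.000 : dumper[61]: %OS-DUMPER-7-DUMP_REQUEST : Dump request for process pkg/bin/bgp
"""


def scan_log(lines):
    """Return one event per log line that reports an enf_broker crash."""
    events = []
    for number, line in enumerate(lines, start=1):
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                fields = {k: int(v) for k, v in match.groupdict().items()}
                events.append({"line": number, "kind": kind, **fields})
                break
    return events


def summarize(events):
    """Collapse events into counts plus the highest restart fail count seen."""
    counts = {kind: 0 for kind in PATTERNS}
    for event in events:
        counts[event["kind"]] += 1
    fail_counts = [e["fail_count"] for e in events if e["kind"] == "respawn"]
    return {
        "counts": counts,
        "max_fail_count": max(fail_counts, default=0),
        # A crash alone does not prove exploitation (see the advisory text);
        # this flag only says the messages are present and need review.
        "needs_review": bool(events),
    }


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for event in found:
        print(event)
    print(summarize(found))
```

    A hit only shows that enf_broker crashed; as the advisory notes, the cause still has to be confirmed with the support organization.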
    While these mitigations have been deployed and were proven successful in a test environment, customers should determine the applicability and effectiveness on their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network, based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating their applicability to their own environment and any impact to such environment.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release as indicated in the following table(s):

    +---------------+------------------+------------------+----------------------+
    | Cisco IOS XR  | First Fixed      | First Fixed      | First Fixed Release  |
    | Software      | Release for      | Release for      | for All              |
    | Release       | CVE-2021-1288    | CVE-2021-1313    | Vulnerabilities      |
    |               | (CSCuz39742)     | (CSCuy67256)     | Described in This    |
    |               |                  |                  | Advisory             |
    +---------------+------------------+------------------+----------------------+
    | 5.0           | Migrate to a     | 5.2.47^1         | None. Apply SMU.     |
    |               | fixed release.   | 5.3.4            |                      |
    +---------------+------------------+------------------+----------------------+
    | 6.0           | 6.0.2            | Not vulnerable.  | 6.0.2                |
    +---------------+------------------+------------------+----------------------+
    | 7.0 and later | Not vulnerable.  | Not vulnerable.  | Not vulnerable.      |
    +---------------+------------------+------------------+----------------------+

    ^1 Cisco IOS XR Software Release 5.2.47 addresses CVE-2021-1313 on Cisco Network Convergence System 4000 Series. For all other affected platforms that are running Cisco IOS XR, Cisco has fixed CVE-2021-1313 on Cisco IOS XR 5.3.4 software release and later.

    Cisco has released SMUs that address these vulnerabilities. The following tables provide the SMU name for each release based on platform. Although names of the SMUs include CSCuy67256 only, the SMUs contain the fixes for both CSCuz39742 and CSCuy67256.
    +-------------------------------+----------+----------------------------+
    | Cisco IOS XR Software Release | Platform | SMU Name                   |
    +-------------------------------+----------+----------------------------+
    | 5.1.3                         | ASR9K-PX | asr9k-px-5.1.3.CSCuy67256  |
    +-------------------------------+----------+----------------------------+
    | 5.3.2                         | ASR9K-PX | asr9k-px-5.3.2.CSCuy67256  |
    +-------------------------------+----------+----------------------------+
    | 5.3.3                         | ASR9K-PX | asr9k-px-5.3.3.CSCuy67256  |
    |                               | CRS-PX   | hfr-px-5.3.3.CSCuy67256    |
    +-------------------------------+----------+----------------------------+

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Source

  o CVE-2021-1288: Cisco would like to thank the U.S. National Security Agency (NSA) for reporting this vulnerability.

    CVE-2021-1313: This vulnerability was found during the resolution of a Cisco TAC support case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-FEB-03  |
    +----------+---------------------------+----------+--------+--------------+

--------------------------------------------------------------------------------

Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-xripv6-spJem78K
First Published: 2021 February 3 16:00 GMT
Version 1.0:     Final
Workarounds:     Yes
Cisco Bug IDs:   CSCvv45504
CVE Names:       CVE-2021-1268
CWEs:            CWE-1076

Summary

  o A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device.

    The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition.

    Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XR Software and the management interface is configured with both of the following:

      * An IPv6 address
      * The default IPv6 static route with next-hop on the management interface segment

    For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Details

  o If this vulnerability is exploited, the number of packets that are forwarded to the network is dependent on the number of Cisco IOS XR Software management interfaces that are connected to the network segment. The more Cisco IOS XR devices that have management interfaces and are connected to the same Layer 2 domain, the more packets that are forwarded on the Layer 2 segment. An excessive number of forwarded packets could result in network degradation and possibly cause a denial of service (DoS) condition on the network.

Workarounds

  o Removing the default IPv6 static route and adding a prefix-specific route would mitigate this vulnerability. For example, removing the default IPv6 static route and adding an IPv6 static route of 2000::/3 <next hop> would mitigate this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in Cisco IOS XR Software releases 6.7.3, 7.1.3, 7.2.2, and 7.3.1.

    Cisco has released software maintenance upgrades (SMUs) to address this vulnerability. Customers who require SMUs for other platforms and releases are advised to contact their support organization.

    +-------------------------------+----------+----------------------------+
    | Cisco IOS XR Software Release | Platform | SMU Name                   |
    +-------------------------------+----------+----------------------------+
    | 6.3.1                         | NCS1K    | ncs1k-6.3.1.CSCvv45504     |
    |                               | NCS1001  | ncs1001-6.3.1.CSCvv45504   |
    +-------------------------------+----------+----------------------------+
    | 6.5.2                         | NCS1K    | ncs1k-6.5.2.CSCvv45504     |
    |                               | NCS1001  | ncs1001-6.5.2.CSCvv45504   |
    +-------------------------------+----------+----------------------------+

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-FEB-03  |
    +----------+---------------------------+----------+--------+--------------+

--------------------------------------------------------------------------------

Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-snmp-7MKrW7Nq
First Published: 2021 February 3 16:00 GMT
Version 1.0:     Final
Workarounds:     Yes
Cisco Bug IDs:   CSCvt93184
CVE Names:       CVE-2021-1243
CWEs:            CWE-284

Summary

  o A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device.

    This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.

    Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco IOS XR Software releases later than Release 6.1.1 and earlier than releases 6.6.4, 6.7.2, 7.0.2, 7.0.12, 7.1.1, and 7.2.1.

    See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

    A device is vulnerable if it is configured with either SNMPv2 or SNMPv3, if it is using management plane protection with the Out-of-Band Management Interface, and if a VRF is configured, as shown in the following example:

      RP/0/RSP1/CPU0:IOS-XR#show running-config control-plane
      <snip>
      control-plane
       management-plane
        out-of-band
         vrf MGMT
         interface MgmtEth0/RSP0/CPU0/0
          allow SNMP peer
           address ipv4 X1.X2.X3.X4
           address ipv4 R1.R2.R3.R4
           address ipv4 S1.S2.S3.S4
           address ipv4 V1.V2.V3.V4
          !
         !
         interface MgmtEth0/RSP1/CPU0/0
         !
          allow SNMP peer
           address ipv4 X1.X2.X3.X4
           address ipv4 R1.R2.R3.R4
           address ipv4 S1.S2.S3.S4
           address ipv4 V1.V2.V3.V4
          !

    Note: No other management protocols that are supported by the management plane protection feature are affected.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Details

  o If the management plane protection for SNMP is configured before SNMP is configured on the device or if the SNMP process restarts, the LPTS bindings will no longer reflect the management plane protection configuration for SNMP.
    Access would then be permitted, as shown in the following example:

      RP/0/RSP1/CPU0:IOS-XR#show lpts bindings brief | include Mg0
      Tue Feb 2 20:53:03.606 UTC
      0/RSP1/CPU0 UDP LR IPV6 UDP MGMT Mg0/RSP0/CPU0/0 any,161 any
      0/RSP1/CPU0 UDP LR IPV6 UDP MGMT Mg0/RSP1/CPU0/0 any,161 any
      0/RSP1/CPU0 UDP LR IPV6 UDP MGMT Mg0/RSP0/CPU0/0 any,162 any
      0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP0/CPU0/0 any,162 any
      0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP0/CPU0/0 any,161 any
      0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP1/CPU0/0 any,161 any
      RP/0/RSP1/CPU0:IOS-XR#

Workarounds

  o A temporary workaround is to remove and reapply the SNMP management plane protection configuration. Doing this will ensure that SNMP is configured first and the LPTS entries are correctly programmed. However, if the SNMP process restarts, the vulnerable LPTS entry state would reappear.

    Alternatively, apply an access control list (ACL) directly to the SNMP configuration, as shown in the following example:

      RP/0/RSP1/CPU0:IOS-XR#conf t
      RP/0/RSP1/CPU0:IOS-XR(config)#
      RP/0/RSP1/CPU0:IOS-XR(config)#ipv4 access-list allow_snmp permit udp host A.B.C.D any eq 161
      RP/0/RSP1/CPU0:IOS-XR(config)#ipv4 access-list allow_snmp permit udp host A.B.C.D any eq 162
      RP/0/RSP1/CPU0:IOS-XR(config)#snmp-server community example RO allow_snmp
      RP/0/RSP1/CPU0:IOS-XR(config)#commit
      RP/0/RSP1/CPU0:IOS-XR(config)#
      RP/0/RSP1/CPU0:IOS-XR#

Fixed Software

  o When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
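    The LPTS binding state shown in the Details section of this advisory (SNMP ports bound on the management interfaces with a remote address of "any") can be checked for in captured `show lpts bindings brief` output. The following Python sketch is an added example, not Cisco or AusCERT code. It assumes the nine whitespace-separated columns seen in the advisory's output, gives them hypothetical field names, and assumes that a correctly programmed binding lists a configured peer in the last column; the RESTRICTED_OUTPUT rows are constructed.

```python
from dataclasses import dataclass

SNMP_PORTS = {161, 162}

# Rows copied from the advisory's Details section (vulnerable state).
ADVISORY_OUTPUT = """\
RP/0/RSP1/CPU0:IOS-XR#show lpts bindings brief | include Mg0
Tue Feb 2 20:53:03.606 UTC
0/RSP1/CPU0 UDP LR IPV6 UDP MGMT Mg0/RSP0/CPU0/0 any,161 any
0/RSP1/CPU0 UDP LR IPV6 UDP MGMT Mg0/RSP1/CPU0/0 any,161 any
0/RSP1/CPU0 UDP LR IPV6 UDP MGMT Mg0/RSP0/CPU0/0 any,162 any
0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP0/CPU0/0 any,162 any
0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP0/CPU0/0 any,161 any
0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP1/CPU0/0 any,161 any
RP/0/RSP1/CPU0:IOS-XR#
"""

# Constructed rows (not from the advisory): the assumed shape of bindings that
# do reflect the peer list, using documentation address 192.0.2.10.
RESTRICTED_OUTPUT = """\
0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP0/CPU0/0 any,161 192.0.2.10
0/RSP1/CPU0 UDP LR IPV4 UDP MGMT Mg0/RSP1/CPU0/0 any,161 192.0.2.10
"""


@dataclass(frozen=True)
class Binding:
    # Field names are hypothetical labels for the nine columns in the output.
    location: str
    client: str
    scope: str
    l3: str
    l4: str
    vrf: str
    interface: str
    local_port: int
    remote: str


def parse_bindings(text):
    """Parse binding rows, skipping prompts, timestamps and malformed lines."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 9 or "," not in tok[7]:
            continue
        port = tok[7].rsplit(",", 1)[1]
        if not port.isdigit():
            continue
        rows.append(Binding(*tok[:7], int(port), tok[8].split(",")[0]))
    return rows


def audit_snmp_bindings(text, allowed_peers):
    """Return (interface, l3, port, reason) for SNMP bindings on management
    interfaces that are open to any source or to a peer not in allowed_peers."""
    findings = []
    for b in parse_bindings(text):
        if b.l4 != "UDP" or b.local_port not in SNMP_PORTS:
            continue
        if not b.interface.startswith("Mg"):
            continue
        if b.remote == "any":
            findings.append((b.interface, b.l3, b.local_port, "open to any source"))
        elif b.remote not in allowed_peers:
            findings.append((b.interface, b.l3, b.local_port,
                             "unexpected peer " + b.remote))
    return findings


if __name__ == "__main__":
    for finding in audit_snmp_bindings(ADVISORY_OUTPUT, {"192.0.2.10"}):
        print(finding)
```

    Because the advisory states that the vulnerable state reappears when the SNMP process restarts, a check like this is worth repeating after any SNMP restart rather than running once.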

    Fixed Releases

    At the time of publication, Cisco IOS XR Software releases 6.6.4, 6.7.2, 7.0.2, 7.0.12, 7.1.1, and 7.2.1 and later contained the fix for this vulnerability.

    Note: Changes that are made by Cisco bug ID CSCvr95904 prevent this vulnerability from being exploited. As a result, the first fixed data is a combination of the first fix from both CSCvr95904 and CSCvt93184.

    Cisco has also released software maintenance upgrades (SMUs) that address this vulnerability for the following Cisco IOS XR Software releases and platforms:

    +-------------------------------+----------+----------------------------+
    | Cisco IOS XR Software Release | Platform | SMU Name                   |
    +-------------------------------+----------+----------------------------+
    | 6.4.2                         | ASR9K-PX | asr9k-px-6.4.2.CSCvt93184  |
    |                               | CRS-PX   | hfr-px-6.4.2.CSCvt93184    |
    +-------------------------------+----------+----------------------------+
    | 6.6.3                         | NCS5500  | ncs5500-6.6.3.CSCvt93184   |
    +-------------------------------+----------+----------------------------+

    See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-FEB-03  |
    +----------+---------------------------+----------+--------+--------------+

--------------------------------------------------------------------------------

Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-ios-infodisc-4mtm9Gyt
First Published: 2021 February 3 16:00 GMT
Version 1.0:     Final
Workarounds:     Yes
Cisco Bug IDs:   CSCvt41022
CVE Names:       CVE-2021-1128
CWEs:            CWE-201

Summary

  o A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow.

    The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user.

    Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco IOS XR Software releases earlier than 7.1.2, 7.2.1, and 7.3.1.

    See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Workarounds

  o There is a workaround that addresses this vulnerability.

    Administrators can configure the following to limit the information that is displayed to the unprivileged user:

      aaa authorization exec default local

Fixed Software

  o When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Fixed Releases

    At the time of publication, Cisco IOS XR Software releases 6.7.2, 7.1.2, 7.2.1, and later contained the fix for this vulnerability.

    Cisco has not released Software Maintenance Upgrades (SMUs) that address this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-FEB-03  |
    +----------+---------------------------+----------+--------+--------------+

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above.
If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================