U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2021-34718

Change History

Initial Analysis 9/21/2021 4:01:33 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.3.2
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.1
     OR
          cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.3.2
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.1
     OR
          cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.3.2
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.1
     OR
          cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.3.2
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.1
     OR
          cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.3.2
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.1
     OR
          cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.3.2
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.1
     OR
          cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.3.2
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.1
     OR
          cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions up to (excluding) 7.3.2
          *cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (excluding) 7.4.1
     OR
          cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*
          cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:L/Au:S/C:C/I:C/A:N)
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Added CWE

								
							
							
						
NIST CWE-88
Changed Reference Type
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2 No Types Assigned
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2 Vendor Advisory