CVE-2021-1244 MEDIUM

CVE-2021-1244: Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Image Verification Vulnerabilities

Vendor Cisco
Product Cisco IOS XR Software
Weakness CWE-347
Published February 4, 2021
Last update November 8, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Key dates

02Disclosure timeline

February 4, 2021 CVE published
November 8, 2024 Record updated