
Cisco Releases Semi-annual Bundled Security Updates for IOS XR Software


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Cisco has released 9 security advisories covering 12 vulnerabilities in its semi-annual bundle for Cisco IOS XR Software. The 4 vulnerabilities with a high impact rating concern authenticated user privilege escalation, arbitrary file read and write, denial of service on ASR 9000 Series routers, and denial of service in IP Service Level Agreements and Two-Way Active Measurement Protocol. Five medium impact vulnerabilities are included in the bundle. A remote attacker could exploit these vulnerabilities to take control of an affected system.


Remediation advice

Affected organisations are encouraged to review the September 2021 Semi-annual Cisco IOS XR Software Security Advisory Bundled Publication and the following Cisco Security Advisories, and to apply the necessary updates or workarounds.


Remediation steps

Type: Patch
Step: Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP

Type: Patch
Step: Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2

Type: Patch
Step: Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf

Type: Patch
Step: Cisco IOS XR Software for ASR 9000 Series Routers Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD

Type: Patch
Step: Cisco IOS XR Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrbgp-rpki-dos-gvmjqxbk

Type: Patch
Step: Cisco IOS XR Software Command Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc

Type: Patch
Step: Cisco IOS XR Software for Cisco 8000 and Network Convergence System 540 Series Routers Image Verification Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-QN9mCzwn

Type: Patch
Step: Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-pjPVReLU

Type: Patch
Step: Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-infodisc-CjLdGMc5

Last edited: 9 September 2021 1:31 pm