{"vulnerability": "CVE-2021-3472", "sightings": [{"uuid": "51715d23-90cc-4b7c-838c-a5ec879638fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34720", "type": "seen", "source": "https://t.me/cyberbannews_ir/3903", "content": "\u200d \ud83d\uded1\u063a\u0628\u0627\u0631 \u0631\u0648\u0628\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 IOS XR \u062a\u0648\u0633\u0637 \u0633\u06cc\u0633\u06a9\u0648\n\n\u0634\u0631\u06a9\u062a \u0633\u06cc\u0633\u06a9\u0648 \u0646\u0633\u062e\u0647 \u0627\u0635\u0644\u0627\u062d\u06cc\u0647 \u0627\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u0686\u0646\u062f\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 IOS XR \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u0648 \u0647\u0634\u062f\u0627\u0631 \u062f\u0627\u062f \u0645\u0647\u0627\u062c\u0645\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u0633\u062a\u0646\u062f \u0628\u0627 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0632\u06cc\u0631 \u0631\u0627 \u0639\u0645\u0644\u06cc \u06a9\u0646\u0646\u062f:\n\n\u0631\u06cc\u0628\u0648\u062a \u062f\u0633\u062a\u06af\u0627\u0647 \u0647\u0627\n\u0627\u0641\u0632\u0627\u06cc\u0634 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc\n\u062c\u0627\u0646\u0648\u06cc\u0633\u06cc \u0648 \u062e\u0648\u0627\u0646\u062f\u0646 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647\n\u062c\u062f\u06cc \u062a\u0631\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0646\u0645\u0631\u0647 \u0634\u062f\u062a 8.6 \u0627\u0632 10 (CVE-2021-34720)\u060c \u0628\u0627\u06af\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0648 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0622\u0646 \u0631\u0627 \u0645\u0648\u0631\u062f \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0642\u0631\u0627\u0631 \u062f\u0647\u0646\u062f \u0648 \u0628\u0627 \u062a\u062e\u0644\u06cc\u0647 \u067e\u06a9\u062a \u0645\u0645\u0648\u0631\u06cc \u062f\u0633\u062a\u06af\u0627\u0647\u060c \u0645\u0646\u062c\u0628\u0631 \u0628\u0647 \u062d\u0627\u0644\u062a \u0645\u0646\u0639 \u0633\u0631\u0648\u06cc\u0633 \u0634\u0648\u0646\u062f.\n\n\u0633\u06cc\u0633\u06a9\u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u06cc\u06af\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a 8.1 \u0627\u0632 10 \u0631\u0627 \u0646\u06cc\u0632 \u062f\u0631 \u067e\u0631\u0648\u0633\u0647 \u0633\u0631\u0648\u0631 SSH \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 IOS XR \u0627\u0635\u0644\u0627\u062d \u06a9\u0631\u062f. \u0645\u0647\u0627\u062c\u0645\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u0633\u062a\u0646\u062f \u0628\u0627 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc\u060c \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647 \u062e\u0648\u062f \u0631\u0627 \u062c\u0627 \u0646\u0648\u06cc\u0633\u06cc \u06a9\u0646\u0646\u062f \u0648 \u0628\u062e\u0648\u0627\u0646\u0646\u062f. \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0628\u0627\u06af\u060c \u0646\u06cc\u0627\u0632\u0645\u0646\u062f \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0628\u0648\u062f.\n\n\u062f\u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u062f\u06cc\u06af\u0631 (CVE-2021-34728 \u0648 CVE-2021-34719) \u0646\u06cc\u0632 \u062f\u0631 IOS XR \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0646\u062f. \u0627\u0632 \u062f\u06cc\u06af\u0631 \u0646\u0642\u0635 \u0647\u0627\u06cc \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u0646\u0639 \u0633\u0631\u0648\u06cc\u0633\u06cc (CVE-2021-34713) \u0627\u0634\u0627\u0631\u0647 \u06a9\u0631\u062f \u06a9\u0647 \u0631\u0648\u062a\u0631\u0647\u0627\u06cc \u0633\u0631\u06cc ASR 9000 \u0631\u0627 \u062a\u062d\u062a \u0627\u0644\u0634\u0639\u0627\u0639 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0627\u062f. \n\n7 \u0628\u0627\u06af \u0627\u0645\u0646\u06cc\u062a\u06cc \u062f\u06cc\u06af\u0631 \u0646\u06cc\u0632 \u062f\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 IOS XR \u0627\u0635\u0644\u0627\u062d \u0634\u062f. \u0634\u0631\u06a9\u062a \u0633\u06cc\u0633\u06a9\u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0645\u0630\u06a9\u0648\u0631 \u0631\u0627 \u062f\u0631 \u0646\u0633\u062e\u0647 \u0627\u0635\u0644\u0627\u062d\u06cc\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0633\u067e\u062a\u0627\u0645\u0628\u0631 2021 \u062e\u0648\u062f \u0627\u0635\u0644\u0627\u062d \u06a9\u0631\u062f. \n\n\u0622\u0698\u0627\u0646\u0633 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc \u0648 \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a \u062f\u0648\u0644\u062a \u0622\u0645\u0631\u06cc\u06a9\u0627 \u0646\u06cc\u0632 \u0627\u0632 \u0633\u0627\u0632\u0645\u0627\u0646 \u0647\u0627 \u062e\u0648\u0627\u0633\u062a \u062a\u0627 \u0647\u0631 \u0686\u0647 \u0633\u0631\u06cc\u0639 \u062a\u0631 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u0627\u0635\u0644\u0627\u062d\u06cc\u0647 \u0633\u06cc\u0633\u06a9\u0648 \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u0646\u062f. \n\n#\u0633\u06cc\u0633\u06a9\u0648\n\n@cyberbannews_ir", "creation_timestamp": "2021-09-12T04:53:55.000000Z"}, {"uuid": "073eb5e5-a844-4c89-b2e1-e04413cd2aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34728", "type": "seen", "source": "https://t.me/cyberbannews_ir/3903", "content": "\u200d \ud83d\uded1\u063a\u0628\u0627\u0631 \u0631\u0648\u0628\u06cc \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 IOS XR \u062a\u0648\u0633\u0637 \u0633\u06cc\u0633\u06a9\u0648\n\n\u0634\u0631\u06a9\u062a \u0633\u06cc\u0633\u06a9\u0648 \u0646\u0633\u062e\u0647 \u0627\u0635\u0644\u0627\u062d\u06cc\u0647 \u0627\u06cc \u0631\u0627 \u0628\u0631\u0627\u06cc \u0686\u0646\u062f\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u0645\u0648\u062c\u0648\u062f \u062f\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 IOS XR \u0645\u0646\u062a\u0634\u0631 \u06a9\u0631\u062f \u0648 \u0647\u0634\u062f\u0627\u0631 \u062f\u0627\u062f \u0645\u0647\u0627\u062c\u0645\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u0633\u062a\u0646\u062f \u0628\u0627 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627 \u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0632\u06cc\u0631 \u0631\u0627 \u0639\u0645\u0644\u06cc \u06a9\u0646\u0646\u062f:\n\n\u0631\u06cc\u0628\u0648\u062a \u062f\u0633\u062a\u06af\u0627\u0647 \u0647\u0627\n\u0627\u0641\u0632\u0627\u06cc\u0634 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc\n\u062c\u0627\u0646\u0648\u06cc\u0633\u06cc \u0648 \u062e\u0648\u0627\u0646\u062f\u0646 \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647\n\u062c\u062f\u06cc \u062a\u0631\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0646\u0645\u0631\u0647 \u0634\u062f\u062a 8.6 \u0627\u0632 10 (CVE-2021-34720)\u060c \u0628\u0627\u06af\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0645\u0647\u0627\u062c\u0645\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u0646\u062f \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0648 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0622\u0646 \u0631\u0627 \u0645\u0648\u0631\u062f \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0642\u0631\u0627\u0631 \u062f\u0647\u0646\u062f \u0648 \u0628\u0627 \u062a\u062e\u0644\u06cc\u0647 \u067e\u06a9\u062a \u0645\u0645\u0648\u0631\u06cc \u062f\u0633\u062a\u06af\u0627\u0647\u060c \u0645\u0646\u062c\u0628\u0631 \u0628\u0647 \u062d\u0627\u0644\u062a \u0645\u0646\u0639 \u0633\u0631\u0648\u06cc\u0633 \u0634\u0648\u0646\u062f.\n\n\u0633\u06cc\u0633\u06a9\u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062f\u06cc\u06af\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a 8.1 \u0627\u0632 10 \u0631\u0627 \u0646\u06cc\u0632 \u062f\u0631 \u067e\u0631\u0648\u0633\u0647 \u0633\u0631\u0648\u0631 SSH \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 IOS XR \u0627\u0635\u0644\u0627\u062d \u06a9\u0631\u062f. \u0645\u0647\u0627\u062c\u0645\u06cc\u0646 \u0645\u06cc \u062a\u0648\u0627\u0646\u0633\u062a\u0646\u062f \u0628\u0627 \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc\u060c \u0641\u0627\u06cc\u0644 \u0647\u0627\u06cc \u062f\u0644\u062e\u0648\u0627\u0647 \u062e\u0648\u062f \u0631\u0627 \u062c\u0627 \u0646\u0648\u06cc\u0633\u06cc \u06a9\u0646\u0646\u062f \u0648 \u0628\u062e\u0648\u0627\u0646\u0646\u062f. \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0628\u0627\u06af\u060c \u0646\u06cc\u0627\u0632\u0645\u0646\u062f \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a \u0628\u0648\u062f.\n\n\u062f\u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u062f\u06cc\u06af\u0631 (CVE-2021-34728 \u0648 CVE-2021-34719) \u0646\u06cc\u0632 \u062f\u0631 IOS XR \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0646\u062f. \u0627\u0632 \u062f\u06cc\u06af\u0631 \u0646\u0642\u0635 \u0647\u0627\u06cc \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u0646\u0639 \u0633\u0631\u0648\u06cc\u0633\u06cc (CVE-2021-34713) \u0627\u0634\u0627\u0631\u0647 \u06a9\u0631\u062f \u06a9\u0647 \u0631\u0648\u062a\u0631\u0647\u0627\u06cc \u0633\u0631\u06cc ASR 9000 \u0631\u0627 \u062a\u062d\u062a \u0627\u0644\u0634\u0639\u0627\u0639 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0627\u062f. \n\n7 \u0628\u0627\u06af \u0627\u0645\u0646\u06cc\u062a\u06cc \u062f\u06cc\u06af\u0631 \u0646\u06cc\u0632 \u062f\u0631 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 IOS XR \u0627\u0635\u0644\u0627\u062d \u0634\u062f. \u0634\u0631\u06a9\u062a \u0633\u06cc\u0633\u06a9\u0648 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u0645\u0630\u06a9\u0648\u0631 \u0631\u0627 \u062f\u0631 \u0646\u0633\u062e\u0647 \u0627\u0635\u0644\u0627\u062d\u06cc\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0633\u067e\u062a\u0627\u0645\u0628\u0631 2021 \u062e\u0648\u062f \u0627\u0635\u0644\u0627\u062d \u06a9\u0631\u062f. \n\n\u0622\u0698\u0627\u0646\u0633 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc \u0648 \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a \u062f\u0648\u0644\u062a \u0622\u0645\u0631\u06cc\u06a9\u0627 \u0646\u06cc\u0632 \u0627\u0632 \u0633\u0627\u0632\u0645\u0627\u0646 \u0647\u0627 \u062e\u0648\u0627\u0633\u062a \u062a\u0627 \u0647\u0631 \u0686\u0647 \u0633\u0631\u06cc\u0639 \u062a\u0631 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u0627\u0635\u0644\u0627\u062d\u06cc\u0647 \u0633\u06cc\u0633\u06a9\u0648 \u0631\u0627 \u0646\u0635\u0628 \u06a9\u0646\u0646\u062f. \n\n#\u0633\u06cc\u0633\u06a9\u0648\n\n@cyberbannews_ir", "creation_timestamp": "2021-09-12T04:53:55.000000Z"}, {"uuid": "8c97c1b3-f752-414c-a993-d7ca66762120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34723", "type": "seen", "source": "https://t.me/cibsecurity/29271", "content": "\u203c CVE-2021-34723 \u203c\n\nA vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-23T07:29:44.000000Z"}, {"uuid": "20361589-f8a0-471b-ad02-91ebef89dc7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34726", "type": "seen", "source": "https://t.me/cibsecurity/29269", "content": "\u203c CVE-2021-34726 \u203c\n\nA vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-23T07:29:42.000000Z"}, {"uuid": "940471f1-9536-4a16-88f8-7405c4ccee0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34724", "type": "seen", "source": "https://t.me/cibsecurity/29268", "content": "\u203c CVE-2021-34724 \u203c\n\nA vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the presence of a sensitive file in the bootflash directory on an affected device. An attacker could exploit this vulnerability by overwriting an installer file stored in the bootflash directory with arbitrary commands that can be executed with root-level privileges. A successful exploit could allow the attacker to read and write changes to the configuration database on the affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-23T07:29:42.000000Z"}, {"uuid": "deaeecee-6d55-4084-93e7-0d30bc555e49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34721", "type": "seen", "source": "https://t.me/cibsecurity/28563", "content": "\u203c CVE-2021-34721 \u203c\n\nMultiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-09T12:29:43.000000Z"}, {"uuid": "5bcdbcd6-0d35-426b-b4ed-cd6ec343bf91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-34727", "type": "seen", "source": "https://t.me/cibsecurity/29254", "content": "\u203c CVE-2021-34727 \u203c\n\nA vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-23T07:29:24.000000Z"}]}