Cisco issued patches for a number of high-severity flaws in its IOS XR software, warning that attackers might use them to elevate privileges, reboot devices, or overwrite and read arbitrary data.
The most serious of these flaws is CVE-2021-34720 (CVSS score 8.6), a defect that could be exploited remotely without authentication to deplete device packet memory, resulting in a denial of service (DoS) condition.
The issue resides in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of IOS XR, and exists because socket creation failures are not handled properly during the IP SLA and TWAMP processes.
To Read More: Securityweek