CVE-2021-1619— Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

CVSS 9.8 · Critical EPSS 0.87% · P75 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-1619

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用未经初始化的指针

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco IOS 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco IOS是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS XE Software 存在缓冲区错误漏洞，该漏洞源于变量未初始化造成的。攻击者可利用该漏洞向受影响的设备发送一系列NETCONF或RESTCONF请求来安装、操作或删除网络设备的配置，或损坏设备上的内存。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Cisco	Cisco IOS XE Software	n/a	-

II. Public POCs for CVE-2021-1619

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-1619

请登录查看更多情报信息。

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaa-Yx47ZT8Qvendor-advisoryx_refsource_CISCO
https://nvd.nist.gov/vuln/detail/CVE-2021-1619

Same Patch Batch · Cisco · 2021-09-23 · 33 CVEs total

CVE-2021-34770	10.0 CRITICAL	Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Exe
CVE-2021-34727	9.8 CRITICAL	Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
CVE-2021-1624	8.6 HIGH	Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerab
CVE-2021-1622	8.6 HIGH	Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Servi
CVE-2021-1615	8.6 HIGH	Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service V
CVE-2021-1611	8.6 HIGH	Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers EoGRE Denial of Servic
CVE-2021-1565	8.6 HIGH	Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Servi
CVE-2021-34769	8.6 HIGH	Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Servi
CVE-2021-34768	8.6 HIGH	Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Servi
CVE-2021-1419	7.8 HIGH	Cisco Access Points SSH Management Privilege Escalation Vulnerability
CVE-2021-1623	7.7 HIGH	Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Simple Network Managemen
CVE-2021-1620	7.7 HIGH	Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
CVE-2021-34699	7.7 HIGH	Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
CVE-2021-1621	7.4 HIGH	Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability
CVE-2021-34767	7.4 HIGH	Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers IPv6 Denial of Service
CVE-2021-34740	7.4 HIGH	Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vul
CVE-2021-34714	7.4 HIGH	Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerabi
CVE-2021-34703	6.8 MEDIUM	Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerabilit
CVE-2021-34729	6.7 MEDIUM	Cisco IOS XE SD-WAN Software Command Injection Vulnerability
CVE-2021-34725	6.7 MEDIUM	Cisco IOS XE SD-WAN Software Command Injection Vulnerability

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco IOS XE Software

Same vendor: Cisco

Same weakness: CWE-824

V. Comments for CVE-2021-1619

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-1619— Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

I. Basic Information for CVE-2021-1619

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-1619

III. Intelligence Information for CVE-2021-1619

Same Patch Batch · Cisco · 2021-09-23 · 33 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-1619

Leave a comment