CVE-2021-34705

Name: CVE-2021-34705
Creator: NVD / NIST
Published: 2021-09-23T03:15:17.24+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 0.97%

Last modified Jun 17, 2026

CVE-2021-34705 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. EPSS estimates a 0.97% chance of exploitation in the next 30 days.

Description

A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Probability

0.97%

57.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-232

Affected Software

Vendor	Product	Versions
Cisco	Ios	12.3\(7\)xm
Cisco	Ios	12.3\(7\)xr
Cisco	Ios	12.3\(7\)xr1
Cisco	Ios	12.3\(7\)xr2
Cisco	Ios	12.3\(7\)xr3
Cisco	Ios	12.3\(7\)xr4
Cisco	Ios	12.3\(7\)xr5
Cisco	Ios	12.3\(7\)xr6
Cisco	Ios	12.3\(7\)xr7
Cisco	Ios	12.3\(8\)ja2
Cisco	Ios	12.3\(8\)jea1
Cisco	Ios	12.3\(8\)jea2
Cisco	Ios	12.3\(8\)jea3
Cisco	Ios	12.3\(8\)jeb
Cisco	Ios	12.3\(8\)jeb1
Cisco	Ios	12.3\(8\)jec3
Cisco	Ios	12.3\(8\)jed1
Cisco	Ios	12.3\(8\)jee
Cisco	Ios	12.3\(8\)jk
Cisco	Ios	12.3\(8\)jk1
Cisco	Ios	12.3\(8\)t
Cisco	Ios	12.3\(8\)t0a
Cisco	Ios	12.3\(8\)t1
Cisco	Ios	12.3\(8\)t2
Cisco	Ios	12.3\(8\)t3
Cisco	Ios	12.3\(8\)t4
Cisco	Ios	12.3\(8\)t5
Cisco	Ios	12.3\(8\)t6
Cisco	Ios	12.3\(8\)t7
Cisco	Ios	12.3\(8\)t8
Cisco	Ios	12.3\(8\)t9
Cisco	Ios	12.3\(8\)t10
Cisco	Ios	12.3\(8\)t11
Cisco	Ios	12.3\(8\)xu
Cisco	Ios	12.3\(8\)xu1
Cisco	Ios	12.3\(8\)xu2
Cisco	Ios	12.3\(8\)xu3
Cisco	Ios	12.3\(8\)xu4
Cisco	Ios	12.3\(8\)xu5
Cisco	Ios	12.3\(8\)xw
Cisco	Ios	12.3\(8\)xw1
Cisco	Ios	12.3\(8\)xw1a
Cisco	Ios	12.3\(8\)xw1b
Cisco	Ios	12.3\(8\)xw2
Cisco	Ios	12.3\(8\)xw3
Cisco	Ios	12.3\(8\)xx
Cisco	Ios	12.3\(8\)xx1
Cisco	Ios	12.3\(8\)xx2
Cisco	Ios	12.3\(8\)xx2a
Cisco	Ios	12.3\(8\)xx2b

Showing 50 of 1721 affected configurations. See NVD for the full list.

References

Timeline

Published: Sep 23, 2021
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2021-34705?

How severe is CVE-2021-34705?

CVE-2021-34705 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.97% probability of exploitation in the next 30 days.

How do I fix CVE-2021-34705?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-34705?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST