Vulnerability Monitor

CVE-2021-1383


Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.


Published

2021-03-24T20:15:13.667

Last Modified

2024-11-21T05:44:13.630

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-88

Affected Vendors & Products

Type | Vendor | Product | Version/Range | Vulnerable?
Operating System | cisco | ios_xe | 16.9.1 | Yes
Operating System | cisco | ios_xe | 16.9.2 | Yes
Operating System | cisco | ios_xe | 16.9.3 | Yes
Operating System | cisco | ios_xe | 16.9.4 | Yes
Operating System | cisco | ios_xe | 16.10.1 | Yes
Operating System | cisco | ios_xe | 16.10.1a | Yes
Operating System | cisco | ios_xe | 16.10.1b | Yes
Operating System | cisco | ios_xe | 16.10.1c | Yes
Operating System | cisco | ios_xe | 16.10.1d | Yes
Operating System | cisco | ios_xe | 16.10.1e | Yes
Operating System | cisco | ios_xe | 16.10.1f | Yes
Operating System | cisco | ios_xe | 16.10.1g | Yes
Operating System | cisco | ios_xe | 16.10.1s | Yes
Operating System | cisco | ios_xe | 16.10.2 | Yes
Operating System | cisco | ios_xe | 16.10.3 | Yes
Operating System | cisco | ios_xe | 16.11.1 | Yes
Operating System | cisco | ios_xe | 16.11.1a | Yes
Operating System | cisco | ios_xe | 16.11.1b | Yes
Operating System | cisco | ios_xe | 16.11.1c | Yes
Operating System | cisco | ios_xe | 16.11.1s | Yes
Operating System | cisco | ios_xe | 16.11.2 | Yes
Operating System | cisco | ios_xe | 16.12.1 | Yes
Operating System | cisco | ios_xe | 16.12.1a | Yes
Operating System | cisco | ios_xe | 16.12.1c | Yes
Operating System | cisco | ios_xe | 16.12.1s | Yes
Operating System | cisco | ios_xe | 16.12.1t | Yes
Operating System | cisco | ios_xe | 16.12.1w | Yes
Operating System | cisco | ios_xe | 16.12.1x | Yes
Operating System | cisco | ios_xe | 16.12.1y | Yes
Operating System | cisco | ios_xe | 16.12.1z | Yes
Operating System | cisco | ios_xe | 16.12.1z1 | Yes
Operating System | cisco | ios_xe | 16.12.1za | Yes
Operating System | cisco | ios_xe | 16.12.2 | Yes
Operating System | cisco | ios_xe | 16.12.2a | Yes
Operating System | cisco | ios_xe | 16.12.2s | Yes
Operating System | cisco | ios_xe | 16.12.2t | Yes
Operating System | cisco | ios_xe | 16.12.3 | Yes
Operating System | cisco | ios_xe | 16.12.3a | Yes
Operating System | cisco | ios_xe | 16.12.3s | Yes
Operating System | cisco | ios_xe | 16.12.4 | Yes
Operating System | cisco | ios_xe | 16.12.4a | Yes
Operating System | cisco | ios_xe | 16.12.5 | Yes
Operating System | cisco | ios_xe | 16.12.5b | Yes
Operating System | cisco | ios_xe | 17.1.1 | Yes
Operating System | cisco | ios_xe | 17.1.1a | Yes
Operating System | cisco | ios_xe | 17.1.1s | Yes
Operating System | cisco | ios_xe | 17.1.1t | Yes
Operating System | cisco | ios_xe | 17.1.2 | Yes
Operating System | cisco | ios_xe | 17.1.3 | Yes
Operating System | cisco | ios_xe | 17.2.1 | Yes
Operating System | cisco | ios_xe | 17.2.1a | Yes
Operating System | cisco | ios_xe | 17.2.1r | Yes
Operating System | cisco | ios_xe | 17.2.1v | Yes
Operating System | cisco | ios_xe | 17.2.2 | Yes
Operating System | cisco | ios_xe | 17.3.1 | Yes
Operating System | cisco | ios_xe | 17.3.1a | Yes
Operating System | cisco | ios_xe | 17.3.1w | Yes
Operating System | cisco | ios_xe | 17.3.1x | Yes
Operating System | cisco | ios_xe | 17.3.2 | Yes
Operating System | cisco | ios_xe | 17.3.2a | Yes
Operating System | cisco | ios_xe | 17.4.1 | Yes
Operating System | cisco | ios_xe | 17.4.1a | Yes
Operating System | cisco | ios_xe_sd-wan | * | Yes