Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-34724

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the presence of a sensitive file in the bootflash directory on an affected device. An attacker could exploit this vulnerability by overwriting an installer file stored in the bootflash directory with arbitrary commands that can be executed with root-level privileges. A successful exploit could allow the attacker to read and write changes to the configuration database on the affected device.

Published

2021-09-23T03:15:18.813

Last Modified

2024-11-21T06:11:03.303

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

9.2

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe_sd-wan	≤ 17.3.1a	Yes
Hardware	cisco	1000_integrated_services_router	-	No
Hardware	cisco	1100-4g\/6g_integrated_services_router	-	No
Hardware	cisco	1100-4p_integrated_services_router	-	No
Hardware	cisco	1100-8p_integrated_services_router	-	No
Hardware	cisco	1100_integrated_services_router	-	No
Hardware	cisco	1101-4p_integrated_services_router	-	No
Hardware	cisco	1101_integrated_services_router	-	No
Hardware	cisco	1109-2p_integrated_services_router	-	No
Hardware	cisco	1109-4p_integrated_services_router	-	No
Hardware	cisco	1109_integrated_services_router	-	No
Hardware	cisco	1111x-8p_integrated_services_router	-	No
Hardware	cisco	1111x_integrated_services_router	-	No
Hardware	cisco	111x_integrated_services_router	-	No
Hardware	cisco	1120_integrated_services_router	-	No
Hardware	cisco	1160_integrated_services_router	-	No
Hardware	cisco	4000_integrated_services_router	-	No
Hardware	cisco	422_integrated_services_router	-	No
Hardware	cisco	4221_integrated_services_router	-	No
Hardware	cisco	4321_integrated_services_router	-	No
Hardware	cisco	4331_integrated_services_router	-	No
Hardware	cisco	4351_integrated_services_router	-	No
Hardware	cisco	4431_integrated_services_router	-	No
Hardware	cisco	4451-x_integrated_services_router	-	No
Hardware	cisco	4451_integrated_services_router	-	No
Hardware	cisco	4461_integrated_services_router	-	No
Hardware	cisco	asr_1000	-	No
Hardware	cisco	asr_1000-esp100	-	No
Hardware	cisco	asr_1000-x	-	No
Hardware	cisco	asr_1000_series	-	No
Hardware	cisco	asr_1000_series_route_processor_\(rp2\)	-	No
Hardware	cisco	asr_1000_series_route_processor_\(rp3\)	-	No
Hardware	cisco	asr_1001	-	No
Hardware	cisco	asr_1001-hx	-	No
Hardware	cisco	asr_1001-hx_r	-	No
Hardware	cisco	asr_1001-x	-	No
Hardware	cisco	asr_1001-x_r	-	No
Hardware	cisco	asr_1002	-	No
Hardware	cisco	asr_1002-hx	-	No
Hardware	cisco	asr_1002-hx_r	-	No
Hardware	cisco	asr_1002-x	-	No
Hardware	cisco	asr_1002-x_r	-	No
Hardware	cisco	asr_1004	-	No
Hardware	cisco	asr_1006	-	No
Hardware	cisco	asr_1006-x	-	No
Hardware	cisco	asr_1009-x	-	No
Hardware	cisco	asr_1013	-	No
Hardware	cisco	asr_1023	-	No
Hardware	cisco	csr_1000v	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-privesc-VP4FG3jD Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-privesc-VP4FG3jD Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)