CVE-2021-1398

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue exists due to incorrect validations of specific function arguments that are passed to the boot script, allowing an attacker to execute arbitrary code on the underlying Linux operating system of an affected device. An attacker could exploit this by tampering with a specific file that an affected device would process during the initial boot process. On systems protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.