PT-2021-2449 · Cisco · Cisco IOS XE SD-WAN

Published: 2021-03-24 · Updated: 2023-05-22 · CVE-2021-1371

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE SD-WAN Software (affected versions not specified)
Description: A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user, which could give that read-only user administrative privileges.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Privilege Management

Related Identifiers

BDU:2021-01814
CVE-2021-1371

Affected Products

Cisco IOS XE SD-WAN
Cisco IOS XE