PT-2021-2454 · Cisco · Cisco IOS XE SD-WAN
Cyrille Chatras · Published 2021-03-24 · Updated 2022-09-20 · CVE-2021-1383
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Cisco IOS XE SD-WAN Software (affected versions not specified)
Description:
The issue exists due to insufficient input validation of certain CLI commands. An attacker could exploit this by authenticating to the device and submitting crafted input to the CLI; the attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the authenticated, local attacker to access the underlying operating system with root privileges.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Argument Injection
RCE
Related Identifiers
Affected Products
Cisco IOS XE SD-WAN
Cisco IOS XE