CVE-2021-1382

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE SD-WAN Software (affected versions not specified)

Description: The issue exists due to insufficient input validation on certain CLI commands, allowing an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. An attacker could exploit this by authenticating to the device and submitting crafted input to the CLI, requiring administrative user authentication to execute the affected commands. A successful exploit could allow the attacker to execute commands with root privileges.

Recommendations: For Cisco IOS XE SD-WAN Software, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. At the moment, there is no information about specific versions that contain a fix for this vulnerability.