PT-2021-2493 · Cisco · Cisco IOS XE SD-WAN
Published: 2021-03-24 · Updated: 2021-03-29 · CVE-2021-1434
CVSS v2.0: 6.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Cisco IOS XE SD-WAN Software (affected versions not specified)
Description:
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This issue is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters, potentially allowing them to overwrite the content of any arbitrary file on the underlying host file system.
Recommendations:
For all affected versions, update to the latest software version that addresses this vulnerability, as provided by Cisco.
At the moment, there is no information about specific workarounds that address this vulnerability.
Fix
Files Accessible to External Parties
Affected Products:
Cisco IOS XE SD-WAN
Cisco IOS XE