CVE-2021-1390

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in one of the diagnostic test CLI commands could allow an authenticated, local attacker to execute arbitrary code on an affected device. The attacker would need to have valid user credentials at privilege level 15. This issue exists because the affected software permits modification of the run-time memory under specific circumstances. An attacker could exploit this by authenticating to the device and issuing a specific diagnostic test command at the CLI, potentially triggering a logic error that allows overwriting system memory locations and executing arbitrary code on the underlying Linux operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.