CVE-2021-1391

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified) Cisco IOS Software (affected versions not specified)

Description A vulnerability in the dragonite debugger could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The issue is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this by bypassing the consent token mechanism with the residual scripts on the affected device, potentially allowing them to escalate privileges.

Recommendations For Cisco IOS XE Software, update to a version that includes the fix for this issue. For Cisco IOS Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the dragonite debugger until a patch is available. Avoid using the residual scripts on the affected device to minimize the risk of exploitation. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but Cisco has released software updates that address this issue.