PT-2021-2556 · Cisco · Cisco IOS XE
X.B · Published 2021-03-24 · Updated 2022-09-12 · CVE-2021-1441
CVSS v2.0: 7.2 (High)
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers (affected versions not specified)
Cisco IOS XE Software for Cisco ESR6300 Embedded Series Routers (affected versions not specified)
Description:
The issue exists due to incorrect validation of parameters passed to a diagnostic script that is executed when the device boots. An attacker could exploit this by tampering with an executable file stored on the device, potentially allowing unsigned code to run at boot time and bypassing the software image verification check that is part of the secure boot process. To exploit this, the attacker would need administrative-level credentials (privilege level 15) on the device.
Recommendations:
For Cisco 1100 Series Industrial Integrated Services Routers, update to a version that includes the fix for this issue.
For Cisco ESR6300 Embedded Series Routers, update to a version that includes the fix for this issue.
At the moment, there is no information about a specific newer version that contains a fix for this vulnerability; however, Cisco has released software updates that address it.
Weakness Enumeration: OS Command Injection
Related Identifiers: CVE-2021-1441
Affected Products: Cisco IOS XE