CVE-2021-1371
6.6
Vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.7 / Impact: 5.9
Source: NVD
Description
A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges.
Affected (1)
Products: Cisco: Ios Xe Sd Wan
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 17.2.0 |
| Running on/with | Platform Versions |
|---|---|
Cisco 1100 Integrated Services Router | All versions |
Cisco 1101 Integrated Services Router | All versions |
Cisco 1109 Integrated Services Router | All versions |
Cisco 1111x Integrated Services Router | All versions |
Cisco 111x Integrated Services Router | All versions |
Cisco 1120 Integrated Services Router | All versions |
Cisco 1160 Integrated Services Router | All versions |
Cisco 4221 Integrated Services Router | All versions |
Cisco 4321 Integrated Services Router | All versions |
Cisco 4331 Integrated Services Router | All versions |
Cisco 4351 Integrated Services Router | All versions |
Cisco 4431 Integrated Services Router | All versions |
Cisco 4451 Integrated Services Router | All versions |
Cisco 4461 Integrated Services Router | All versions |
Cisco Asr 1000 | All versions |
Cisco Cloud Services Router 1000v | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.