← Back

CVE-2021-1529

nvd nist
Published: Oct 21, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Affected (7)

Cisco
2 products
Ios Xe
Ios Xe Sd Wan
Configuration A
6 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
From 16.12 to 17.0
Ios Xe
From 17.2 to 17.2.3
Ios Xe
From 17.3 to 17.3.4
Ios Xe
From 17.4 to 17.4.2
Ios Xe
From 17.5 to 17.5.1a
Ios Xe
Version 17.6.0
Running on/withPlatform Versions
Cisco
1000 Integrated Services Router
All versions
Configuration B
1 vulnerable · 54 platform
Vulnerable SoftwareAffected Versions
Ios Xe Sd Wan
From 17.2.1r
Running on/withPlatform Versions
Cisco
1100 4g/6g Integrated Services Router
All versions
Cisco
1100 4p Integrated Services Router
All versions
Cisco
1100 8p Integrated Services Router
All versions
Cisco
1100 Integrated Services Router
All versions
Cisco
1101 4p Integrated Services Router
All versions
Cisco
1101 Integrated Services Router
All versions
Cisco
1109 2p Integrated Services Router
All versions
Cisco
1109 4p Integrated Services Router
All versions
Cisco
1109 Integrated Services Router
All versions
Cisco
1111x 8p Integrated Services Router
All versions
Cisco
1111x Integrated Services Router
All versions
Cisco
111x Integrated Services Router
All versions
Cisco
1120 Integrated Services Router
All versions
Cisco
1160 Integrated Services Router
All versions
Cisco
4000 Integrated Services Router
All versions
Cisco
4221 Integrated Services Router
All versions
Cisco
4321 Integrated Services Router
All versions
Cisco
4331 Integrated Services Router
All versions
Cisco
4351 Integrated Services Router
All versions
Cisco
4431 Integrated Services Router
All versions
Cisco
4451 X Integrated Services Router
All versions
Cisco
4451 Integrated Services Router
All versions
Cisco
4461 Integrated Services Router
All versions
Cisco
Asr 1000
All versions
Cisco
Asr 1000 Esp100
All versions
Cisco
Asr 1000 X
All versions
Cisco
Asr 1001
All versions
Cisco
Asr 1001 Hx
All versions
Cisco
Asr 1001 Hx R
All versions
Cisco
Asr 1001 X
All versions
Cisco
Asr 1001 X R
All versions
Cisco
Asr 1002
All versions
Cisco
Asr 1002 Hx
All versions
Cisco
Asr 1002 Hx R
All versions
Cisco
Asr 1002 X
All versions
Cisco
Asr 1002 X R
All versions
Cisco
Asr 1002 Fixed Router
All versions
Cisco
Asr 1004
All versions
Cisco
Asr 1006
All versions
Cisco
Asr 1006 X
All versions
Cisco
Asr 1009 X
All versions
Cisco
Asr 1013
All versions
Cisco
Asr 1023
All versions
Cisco
Catalyst 8300 1n1s 4t2x
All versions
Cisco
Catalyst 8300 1n1s 6t
All versions
Cisco
Catalyst 8300 2n2s 4t2x
All versions
Cisco
Catalyst 8300 2n2s 6t
All versions
Cisco
Catalyst 8500
All versions
Cisco
Catalyst 8500l
All versions
Cisco
Catalyst 8510csr
All versions
Cisco
Catalyst 8510msr
All versions
Cisco
Catalyst 8540csr
All versions
Cisco
Catalyst 8540msr
All versions
Cisco
Csr 1000v
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.