CVE-2021-1371

CWE-269Improper Privilege Management4 documents4 sources
Severity
6.6MEDIUM
EPSS
0.0%
top 92.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOS XE SoftwareCisco IOS XE Sd-wan
Timeline
PublishedMar 24
Latest updateMay 24

Description

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-8qm4-vmvc-xrpj: A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privilege2022-05-24
CVEList
Cisco IOS XE SD-WAN Software Console Privilege Escalation Vulnerability2021-03-24

📋Vendor Advisories

1
Cisco
Cisco IOS XE SD-WAN Software Console Privilege Escalation Vulnerability2021-03-24
CVE-2021-1371 (MEDIUM CVSS 6.6) | A vulnerability in the role-based a | cvebase.io