CVE-2021-1376: Improper Verification of Cryptographic Signature in Cisco IOS XE Software

Severity: 6.7 MEDIUM (NVD)
EPSS: 0.0% (top 93.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 24; Latest update May 24

Description

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities,

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: cisco/ios_xe, 50 versions (+49)

🔴 Vulnerability Details (2)

GHSA: GHSA-pjh3-48qc-pm5c: Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9 (2022-05-24)
CVEList: Cisco IOS XE Software Fast Reload Vulnerabilities (2021-03-24)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XE Software Fast Reload Vulnerabilities (2021-03-24)

🕵️ Threat Intelligence (2)

Talos: Vulnerability Spotlight: Buffer overflow vulnerability in AnyCubic Chitubox plugin (2022-01-10)
Talos: Vulnerability Spotlight: Buffer overflow vulnerability in AnyCubic Chitubox plugin (2022-01-10)
CVE-2021-1376 — Cisco IOS XE Software vulnerability | cvebase