CVE-2021-1383Improper Input Validation in Cisco IOS XE Software

CWE-20Improper Input ValidationCWE-88Argument InjectionCWE-401Missing Release of Memory after Effective Lifetime7 documents6 sources
Severity
6.7MEDIUMNVD
CNA6.0
EPSS
0.1%
top 64.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 24
Latest updateMay 21

Description

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/ios_xe62 versions+61

🔴Vulnerability Details

2
GHSA
GHSA-34jc-7wcf-7j89: Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating sy2022-05-24
CVEList
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities2021-03-24

📋Vendor Advisories

2
Red Hat
kernel: media: zr364xx: fix memory leak in zr364xx_start_readpipe2024-05-21
Cisco
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities2021-03-24

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: PHP deserialize vulnerability in CloudLinux Imunity360 could lead to arbitrary code execution2021-11-22
Talos
Vulnerability Spotlight: PHP deserialize vulnerability in CloudLinux Imunity360 could lead to arbitrary code execution2021-11-22
CVE-2021-1383 — Improper Input Validation in Cisco | cvebase