CVE-2021-1384
Published 2021-03-24
Priority: P2 · 61 · high · 7.2 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 35.39% (98.2th percentile)
A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability by creating a crafted application .tar file and loading it onto the device. A successful exploit could allow the attacker to perform command injection into the underlying operating system as the root user.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_ios_xe_software | — | — |
| cisco | ios_xe | < 16.6.9 | 16.6.9 |
| cisco | ios_xe | — | — |
| cisco | ios_xe | >= 16.9.0 < 16.9.7 | 16.9.7 |
| cisco | ios_xe | >= 17.3.2 < 17.3.3 | 17.3.3 |
| cisco | ios_xe | >= 17.4.0 < 17.4.2 | 17.4.2 |
| cisco | iox_for_ios_xe | — | — |
Detection & IOCs
- Monitor for crafted .tar application package files being loaded onto Cisco IOx application hosting environment, which may contain injected commands in insufficiently validated fields
- Alert on command injection activity originating from the Cisco IOx process running as root user, which would indicate successful exploitation
- Track Cisco Bug ID CSCvw64798 for patch status and internal Cisco tooling correlation
- Exploitation requires authentication; unauthenticated attackers cannot directly exploit this vulnerability. Scope detection efforts on authenticated sessions interacting with the IOx application hosting environment.
- The root cause is incomplete field validation in IOx application packages; any IOx deployment accepting externally supplied .tar application packages should be considered at risk until patched.
- No workarounds exist for this vulnerability; patching via Cisco software updates is the only mitigation.
CVSS provenance
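| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
| vendor_cisco | — | 6.5 | MEDIUM | — |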
GHSA
ghsa_unreviewed·2022-05-24
CVE-2021-1384 [HIGH] CWE-77 GHSA-x749-h24f-x5rh: A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands
Cisco
Cisco IOx for IOS XE Software Command Injection Vulnerability
vendor_cisco·2021-03-24·CVSS 6.5
CVE-2021-1384 [MEDIUM] CWE-77 Cisco IOx for IOS XE Software Command Injection Vulnerability
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following li
Cisco
Cisco IOx for IOS XE Software Command Injection Vulnerability
vendor_cisco·CVSS 3.1
CVE-2021-1384 Cisco IOx for IOS XE Software Command Injection Vulnerability
A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability by creating a crafted application .tar file and loading it onto the device. A successful exploit could allow the attacker to perform command injection into the underlying operating system as the root user. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.1
CWE: CWE-77
Bug IDs: CSCvw64798
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-h332-fj6p-2232
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-cmdinj-RkSURGHG