CVE-2021-1385Path Traversal in Cisco IOS

CWE-22Path TraversalCWE-416Use After Free5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 54.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco IOSCisco IOSCisco IOS XE
Timeline
PublishedMar 24
Latest updateFeb 26

Description

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected d

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages3 packages

NVDcisco/ios10 versions+9
NVDcisco/ios_xe47 versions+46
CVEListV5cisco/cisco_iosn/a

🔴Vulnerability Details

2
GHSA
GHSA-hrv5-5xv9-vp4p: A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct2022-05-24
CVEList
Cisco IOx Application Environment Path Traversal Vulnerability2021-03-24

📋Vendor Advisories

2
Red Hat
kernel: ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl2025-02-26
Cisco
Cisco IOx Application Environment Path Traversal Vulnerability2021-03-24