CVE-2021-1391Active Debug Code in Cisco IOS

CWE-489Active Debug Code4 documents4 sources
Severity
6.7MEDIUMNVD
CNA5.1
EPSS
0.0%
top 87.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco IOSCisco IOSCisco IOS XE
Timeline
PublishedMar 24
Latest updateMay 24

Description

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

NVDcisco/ios44 versions+43
NVDcisco/ios_xe90 versions+89
CVEListV5cisco/cisco_iosn/a

🔴Vulnerability Details

2
GHSA
GHSA-4xjv-crqf-4qqv: A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to2022-05-24
CVEList
Cisco IOS and IOS XE Software Privilege Escalation Vulnerability2021-03-24

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Privilege Escalation Vulnerability2021-03-24
CVE-2021-1391 — Active Debug Code in Cisco IOS | cvebase