CVE-2021-1432Improper Input Validation in Cisco IOS XE Software

CWE-20Improper Input ValidationCWE-74Injection4 documents4 sources
Severity
7.3HIGHNVD
EPSS
0.1%
top 80.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 24
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The com

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

NVDcisco/ios_xe25 versions+24

🔴Vulnerability Details

2
GHSA
GHSA-gcqm-xc9c-9vw6: A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlyin2022-05-24
CVEList
Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability2021-03-24

📋Vendor Advisories

1
Cisco
Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability2021-03-24
CVE-2021-1432 — Improper Input Validation in Cisco | cvebase