CVE-2021-1454Improper Input Validation in Cisco IOS XE Software

CWE-20Improper Input ValidationCWE-88Argument Injection4 documents4 sources
Severity
6.7MEDIUMNVD
CNA6.0
EPSS
0.1%
top 70.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE Software
Timeline
PublishedMar 24
Latest updateMay 24

Description

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-j47p-2qwf-vg8r: Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating sy2022-05-24
CVEList
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities2021-03-24

📋Vendor Advisories

1
Cisco
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities2021-03-24
CVE-2021-1454 — Improper Input Validation in Cisco | cvebase