CVE-2021-34729

CWE-77 — Command Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 83.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Cisco IOS XE Sd-wan Cisco Cisco IOS XE Sd-wan Software

Timeline

PublishedSep 23

Latest updateMay 24

Description

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5cisco/cisco_ios_xe_sd-wan_softwaren/a

▶NVDcisco/ios_xe17.3.1a

▶NVDcisco/ios_xe_sd-wan17.3.1a

🔴Vulnerability Details

GHSA

GHSA-qm8p-89vx-j9q3: A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary↗2022-05-24

▶

CVEList

Cisco IOS XE SD-WAN Software Command Injection Vulnerability↗2021-09-23

▶

📋Vendor Advisories

Cisco

Cisco IOS XE SD-WAN Software Command Injection Vulnerability↗2021-09-22

▶