CVSS: 7.2EPSS: 0%CPEs: 63EXPL: 1CVE-2021-1383 – Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1383
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. • https://github.com/orangecertcc/security-research/security/advisories/GHSA-vw54-f9mw-g46r https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwpinj-V4weeqzU • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 1CVE-2021-1385 – Cisco IOx Application Environment Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2021-1385
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system. Una vulnerabilidad en el entorno de alojamiento de aplicaciones Cisco IOx de varias plataformas Cisco, podría permitir a un atacante remoto autenticado llevar a cabo ataques de salto de directorio y leer y escribir archivos en el sistema operativo o host subyacente. • https://github.com/orangecertcc/security-research/security/advisories/GHSA-hhfw-6cm2-v3w5 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-pt-hWGcPf7g • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 74EXPL: 0CVE-2021-1390 – Cisco IOS XE Software Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1390
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-OFP-6Nezgn7b • CWE-123: Write-what-where Condition •
CVSS: 7.2EPSS: 0%CPEs: 134EXPL: 0CVE-2021-1391 – Cisco IOS and IOS XE Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1391
A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege. Una vulnerabilidad en el depurador dragonite del Software Cisco IOS XE, podría permitir a un atacante local autenticado escalar del nivel de privilegio 15 al privilegio de root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc • CWE-489: Active Debug Code •
CVSS: 6.9EPSS: 0%CPEs: 257EXPL: 0CVE-2021-1398 – Cisco IOS XE Software Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1398
A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device. Una vulnerabilidad en la lógica de arranque del Software Cisco IOS XE, podría permitir a un atacante local autenticado con privilegios de nivel 15 o un atacante no autenticado con acceso físico ejecutar código arbitrario en el sistema operativo Linux subyacente de un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe • CWE-489: Active Debug Code •