// For flags

CVE-2021-1375

Cisco IOS XE Software Fast Reload Vulnerabilities

Severity Score

6.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

Múltiples vulnerabilidades en la funcionalidad fast reload del Software Cisco IOS XE que se ejecuta en los Switches Cisco Catalyst 3850, Cisco Catalyst 9300 y Cisco Catalyst 9300L Series, podrían permitir a un atacante local autenticado ejecutar código arbitrario en el sistema operativo subyacente, instalar y arrancar un imagen de software malicioso o ejecutar binarios sin firmar en un dispositivo afectado. Estas vulnerabilidades son debido a comprobaciones incorrectas llevadas a cabo por las rutinas de arranque del sistema. Para explotar estas vulnerabilidades, el atacante necesitaría acceso privilegiado a la CLI del dispositivo. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario en el sistema operativo subyacente o ejecutar código sin firmar y omitir la parte de comprobación de imagen del proceso de arranque seguro. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2020-11-13 CVE Reserved
  • 2021-03-24 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-11-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.5.1
Search vendor "Cisco" for product "Ios Xe" and version "16.5.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.5.1a
Search vendor "Cisco" for product "Ios Xe" and version "16.5.1a"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.1
Search vendor "Cisco" for product "Ios Xe" and version "16.6.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.2
Search vendor "Cisco" for product "Ios Xe" and version "16.6.2"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.3
Search vendor "Cisco" for product "Ios Xe" and version "16.6.3"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.4
Search vendor "Cisco" for product "Ios Xe" and version "16.6.4"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.4a
Search vendor "Cisco" for product "Ios Xe" and version "16.6.4a"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.4s
Search vendor "Cisco" for product "Ios Xe" and version "16.6.4s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.5
Search vendor "Cisco" for product "Ios Xe" and version "16.6.5"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.6
Search vendor "Cisco" for product "Ios Xe" and version "16.6.6"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.6.7
Search vendor "Cisco" for product "Ios Xe" and version "16.6.7"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.8.1
Search vendor "Cisco" for product "Ios Xe" and version "16.8.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.8.1a
Search vendor "Cisco" for product "Ios Xe" and version "16.8.1a"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.8.1s
Search vendor "Cisco" for product "Ios Xe" and version "16.8.1s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.9.1
Search vendor "Cisco" for product "Ios Xe" and version "16.9.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.9.1s
Search vendor "Cisco" for product "Ios Xe" and version "16.9.1s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.9.2
Search vendor "Cisco" for product "Ios Xe" and version "16.9.2"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.9.2s
Search vendor "Cisco" for product "Ios Xe" and version "16.9.2s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.9.3
Search vendor "Cisco" for product "Ios Xe" and version "16.9.3"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.9.3a
Search vendor "Cisco" for product "Ios Xe" and version "16.9.3a"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.9.3s
Search vendor "Cisco" for product "Ios Xe" and version "16.9.3s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.9.4
Search vendor "Cisco" for product "Ios Xe" and version "16.9.4"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.10.1
Search vendor "Cisco" for product "Ios Xe" and version "16.10.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.10.1e
Search vendor "Cisco" for product "Ios Xe" and version "16.10.1e"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.10.1s
Search vendor "Cisco" for product "Ios Xe" and version "16.10.1s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.11.1
Search vendor "Cisco" for product "Ios Xe" and version "16.11.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.11.1b
Search vendor "Cisco" for product "Ios Xe" and version "16.11.1b"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.11.1c
Search vendor "Cisco" for product "Ios Xe" and version "16.11.1c"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.11.1s
Search vendor "Cisco" for product "Ios Xe" and version "16.11.1s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.11.2
Search vendor "Cisco" for product "Ios Xe" and version "16.11.2"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.12.1
Search vendor "Cisco" for product "Ios Xe" and version "16.12.1"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.12.1c
Search vendor "Cisco" for product "Ios Xe" and version "16.12.1c"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.12.1s
Search vendor "Cisco" for product "Ios Xe" and version "16.12.1s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.12.2
Search vendor "Cisco" for product "Ios Xe" and version "16.12.2"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.12.2s
Search vendor "Cisco" for product "Ios Xe" and version "16.12.2s"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
16.12.2t
Search vendor "Cisco" for product "Ios Xe" and version "16.12.2t"
-
Affected
Cisco
Search vendor "Cisco"
Ios Xe
Search vendor "Cisco" for product "Ios Xe"
17.1.1
Search vendor "Cisco" for product "Ios Xe" and version "17.1.1"
-
Affected