CVE-2021-1383
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.
Múltiples vulnerabilidades en la CLI del Software Cisco IOS XE SD-WAN, podrían permitir a un atacante local autenticado acceder al sistema operativo subyacente con privilegios root. Estas vulnerabilidades son debido a una comprobación insuficiente de la entrada de determinados comandos de la CLI. Un atacante podría explotar estas vulnerabilidades al autenticarse en el dispositivo y enviar una entrada diseñada a la CLI. El atacante debe estar autenticado como usuario administrativo para ejecutar los comandos afectados. Una explotación con éxito podría permitir al atacante acceder al sistema operativo subyacente con privilegios root
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-11-13 CVE Reserved
- 2021-03-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/orangecertcc/security-research/security/advisories/GHSA-vw54-f9mw-g46r | 2024-09-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.1 Search vendor "Cisco" for product "Ios Xe" and version "16.9.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.2 Search vendor "Cisco" for product "Ios Xe" and version "16.9.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.3 Search vendor "Cisco" for product "Ios Xe" and version "16.9.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.9.4 Search vendor "Cisco" for product "Ios Xe" and version "16.9.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.1 Search vendor "Cisco" for product "Ios Xe" and version "16.10.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.1a Search vendor "Cisco" for product "Ios Xe" and version "16.10.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.1b Search vendor "Cisco" for product "Ios Xe" and version "16.10.1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.1c Search vendor "Cisco" for product "Ios Xe" and version "16.10.1c" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.1d Search vendor "Cisco" for product "Ios Xe" and version "16.10.1d" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.1e Search vendor "Cisco" for product "Ios Xe" and version "16.10.1e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.1f Search vendor "Cisco" for product "Ios Xe" and version "16.10.1f" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.1g Search vendor "Cisco" for product "Ios Xe" and version "16.10.1g" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.1s Search vendor "Cisco" for product "Ios Xe" and version "16.10.1s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.2 Search vendor "Cisco" for product "Ios Xe" and version "16.10.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.10.3 Search vendor "Cisco" for product "Ios Xe" and version "16.10.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.11.1 Search vendor "Cisco" for product "Ios Xe" and version "16.11.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.11.1a Search vendor "Cisco" for product "Ios Xe" and version "16.11.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.11.1b Search vendor "Cisco" for product "Ios Xe" and version "16.11.1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.11.1c Search vendor "Cisco" for product "Ios Xe" and version "16.11.1c" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.11.1s Search vendor "Cisco" for product "Ios Xe" and version "16.11.1s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.11.2 Search vendor "Cisco" for product "Ios Xe" and version "16.11.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1 Search vendor "Cisco" for product "Ios Xe" and version "16.12.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1a Search vendor "Cisco" for product "Ios Xe" and version "16.12.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1c Search vendor "Cisco" for product "Ios Xe" and version "16.12.1c" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1s Search vendor "Cisco" for product "Ios Xe" and version "16.12.1s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1t Search vendor "Cisco" for product "Ios Xe" and version "16.12.1t" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1w Search vendor "Cisco" for product "Ios Xe" and version "16.12.1w" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1x Search vendor "Cisco" for product "Ios Xe" and version "16.12.1x" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1y Search vendor "Cisco" for product "Ios Xe" and version "16.12.1y" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1z Search vendor "Cisco" for product "Ios Xe" and version "16.12.1z" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1z1 Search vendor "Cisco" for product "Ios Xe" and version "16.12.1z1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.1za Search vendor "Cisco" for product "Ios Xe" and version "16.12.1za" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.2 Search vendor "Cisco" for product "Ios Xe" and version "16.12.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.2a Search vendor "Cisco" for product "Ios Xe" and version "16.12.2a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.2s Search vendor "Cisco" for product "Ios Xe" and version "16.12.2s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.2t Search vendor "Cisco" for product "Ios Xe" and version "16.12.2t" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.3 Search vendor "Cisco" for product "Ios Xe" and version "16.12.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.3a Search vendor "Cisco" for product "Ios Xe" and version "16.12.3a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.3s Search vendor "Cisco" for product "Ios Xe" and version "16.12.3s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.4 Search vendor "Cisco" for product "Ios Xe" and version "16.12.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.4a Search vendor "Cisco" for product "Ios Xe" and version "16.12.4a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.5 Search vendor "Cisco" for product "Ios Xe" and version "16.12.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 16.12.5b Search vendor "Cisco" for product "Ios Xe" and version "16.12.5b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.1.1 Search vendor "Cisco" for product "Ios Xe" and version "17.1.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.1.1a Search vendor "Cisco" for product "Ios Xe" and version "17.1.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.1.1s Search vendor "Cisco" for product "Ios Xe" and version "17.1.1s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.1.1t Search vendor "Cisco" for product "Ios Xe" and version "17.1.1t" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.1.2 Search vendor "Cisco" for product "Ios Xe" and version "17.1.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.1.3 Search vendor "Cisco" for product "Ios Xe" and version "17.1.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.2.1 Search vendor "Cisco" for product "Ios Xe" and version "17.2.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.2.1a Search vendor "Cisco" for product "Ios Xe" and version "17.2.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.2.1r Search vendor "Cisco" for product "Ios Xe" and version "17.2.1r" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.2.1v Search vendor "Cisco" for product "Ios Xe" and version "17.2.1v" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.2.2 Search vendor "Cisco" for product "Ios Xe" and version "17.2.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.3.1 Search vendor "Cisco" for product "Ios Xe" and version "17.3.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.3.1a Search vendor "Cisco" for product "Ios Xe" and version "17.3.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.3.1w Search vendor "Cisco" for product "Ios Xe" and version "17.3.1w" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.3.1x Search vendor "Cisco" for product "Ios Xe" and version "17.3.1x" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.3.2 Search vendor "Cisco" for product "Ios Xe" and version "17.3.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.3.2a Search vendor "Cisco" for product "Ios Xe" and version "17.3.2a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.4.1 Search vendor "Cisco" for product "Ios Xe" and version "17.4.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.4.1a Search vendor "Cisco" for product "Ios Xe" and version "17.4.1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Sd-wan Search vendor "Cisco" for product "Ios Xe Sd-wan" | * | - |
Affected
| ||||||