CVE-2021-1572
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
Descriptions
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released.
SSVC
- Decision: Track*
Timeline
- 2020-11-13 CVE Reserved
- 2021-08-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-266: Incorrect Privilege Assignment
- CWE-269: Improper Privilege Management
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Confd | >= 7.4 <= 7.4.3 | - | Affected |
Cisco | Confd | >= 7.5 <= 7.5.2 | - | Affected |
Cisco | Network Services Orchestrator | >= 5.4 <= 5.4.3.1 | - | Affected |
Cisco | Network Services Orchestrator | >= 5.5 <= 5.5.2.2 | - | Affected |