CVE-2021-1432

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The commands are then executed on the device by the root user. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

CVSS v3 7.3 HIGH
CVSS v2.0 6.9 MEDIUM

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios_xe:3.15.1xbs:::::::*
	cpe:2.3:o:cisco:ios_xe:3.15.2xbs:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1c:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1t:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1w:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1x:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1y:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1z:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1za:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.2a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.2t:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.3a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.3s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.4a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.2.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.2.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.2.1r:::::::*
	cpe:2.3:o:cisco:ios_xe:17.2.1v:::::::*
	cpe:2.3:o:cisco:ios_xe_sd-wan::::::::

History

21 Nov 2024, 05:44

Type	Values Removed	Values Added
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3 - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3 - Vendor Advisory

Information

Published : 2021-03-24 20:15

Updated : 2024-11-21 05:44

NVD link : CVE-2021-1432

Mitre link : CVE-2021-1432

CVE.ORG link : CVE-2021-1432

JSON object : View

Products Affected

cisco

ios_xe
ios_xe_sd-wan

CWE

CWE-20

Improper Input Validation

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2021-1432", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2021-03-24T20:15:14.510", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The commands are then executed on the device by the root user. A successful exploit could allow the attacker to execute arbitrary commands as the root user."}, {"lang": "es", "value": "Una vulnerabilidad en la CLI del Software Cisco IOS XE SD-WAN, podr\u00eda permitir a un atacante local autenticado ejecutar comandos arbitrarios en el sistema operativo subyacente como usuario root. El atacante debe estar autenticado en el dispositivo afectado como un usuario poco privilegiado para explotar esta vulnerabilidad. Esta vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada suministrada por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad al inyectar comandos arbitrarios en un archivo como usuario poco privilegiado. A continuaci\u00f3n, el usuario root ejecuta los comandos en el dispositivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos arbitrarios como usuario root"}], "lastModified": "2024-11-21T05:44:21.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BF22C29-84DF-44CA-B574-FE04AB39E344"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.2xbs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2C7C0BA-D618-4B65-B42C-43393167EEE0"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19AF4CF3-6E79-4EA3-974D-CD451A192BA9"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "313BD54C-073C-4F27-82D5-C99EFC3A20F7"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93B96E01-3777-4C33-9225-577B469A6CE5"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1z:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65FC3CC1-CF4F-4A2D-A500-04395AFE8B47"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1za:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "027200FC-8AD4-47E4-A404-490AE4F997EC"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5019B59-508E-40B0-9C92-2C26F58E2FBE"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "443D78BA-A3DA-4D1F-A4DF-2F426DC6B841"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5750264-2990-4942-85F4-DB9746C5CA2B"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9173AD6-6658-4267-AAA7-D50D0B657528"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F02EE9D-45B1-43D6-B05D-6FF19472216B"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B51FA707-8DB1-4596-9122-D4BFEF17F400"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C04DF35A-1B6F-420A-8D84-74EB41BF3700"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "211CC9B2-6108-4C50-AB31-DC527C43053E"}, {"criteria": "cpe:2.3:o:cisco:ios_xe_sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C87891C-B8D0-4286-B6A7-61037E1A6A54"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}

7.3 /10