Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:3706D0E8-B343-4786-9943-529E5961BDFD
HistoryMar 24, 2021 - 12:00 a.m.

CVE-2021-1435

2021-03-2400:00:00
attackerkb.com
35
cisco ios xe software
authenticated remote attacker
web ui
arbitrary commands
insufficient input validation
root user

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.5%

JSON

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

Related

cisa_kev 2
nessus 1
prion 1
cisco 1
cve 1
cvelist 1
nvd 1
thn 2
talosblog 1
rapid7blog 1
cisa_kev
cisa_kev
?
1970-01-01 00:00:00
Cisco IOS XE Web UI Command Injection Vulnerability
2023-10-23 00:00:00
nessus
nessus
Cisco IOS XE Software Web UI Command Injection (cisco-sa-iosxe-webcmdinjsh-UFJxTgZD)
2021-03-25 00:00:00
prion
prion
Input validation
2021-03-24 20:15:00
cisco
cisco
Cisco IOS XE Software Web UI Command Injection Vulnerability
2021-03-24 16:00:00
cve
cve
CVE-2021-1435
2021-03-24 20:15:14
cvelist
cvelist
CVE-2021-1435 Cisco IOS XE Software Web UI Command Injection Vulnerability
2021-03-24 20:05:43
nvd
nvd
CVE-2021-1435
2021-03-24 20:15:14
thn
thn
Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild
2023-10-17 04:12:00
Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices
2023-10-21 03:46:00
talosblog
talosblog
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities
2023-10-16 15:05:50
rapid7blog
rapid7blog
CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability
2023-10-17 19:50:03

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.5%

JSON
Related for AKB:3706D0E8-B343-4786-9943-529E5961BDFD
cisa_kev2nessus1prion1cisco1cve1cvelist1nvd1thn2talosblog1rapid7blog1