Lucene search
CiscoCISCO-SA-XE-SAP-OPLBZE68HistoryMar 24, 2021 - 4:00 p.m.
Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability
2021-03-2416:00:00
tools.cisco.com
110
cisco
ios
ios xe
common industrial protocol
privilege escalation
vulnerability
cli command
permissions
cip
software updates
EPSS
0
Percentile
5.1%
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user.
This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-SAP-OPLbze68 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-SAP-OPLbze68”]
This advisory is part of the March 2021 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74408”].
Affected configurations
Node
ciscoiosMatch15.0ey
ORciscoiosMatch15.0ea
ORciscoiosMatch15.2e
ORciscoiosMatch15.2ey
ORciscoiosMatch15.2jaz
ORciscoiosMatch15.2eb
ORciscoiosMatch15.2ea
ORciscoiosMatch15.3jn
ORciscoiosMatch15.3ja
ORciscoiosMatch15.3jaa
ORciscoiosMatch15.3jb
ORciscoiosMatch15.3jnb
ORciscoiosMatch15.3jax
ORciscoiosMatch15.3jbb
ORciscoiosMatch15.3jc
ORciscoiosMatch15.3jnc
ORciscoiosMatch15.3jnp
ORciscoiosMatch15.3jpb
ORciscoiosMatch15.3jd
ORciscoiosMatch15.2ec
ORciscoiosMatch15.3jpc
ORciscoiosMatch15.3jnd
ORciscoiosMatch15.3je
ORciscoiosMatch15.3jpd
ORciscoiosMatch15.3jf
ORciscoiosMatch15.3jg
ORciscoiosMatch15.3jh
ORciscoiosMatch15.3ji
ORciscoiosMatch15.3jk
ORciscoiosMatch15.3jj
ORciscoiosMatch15.3jpj
ORciscoiosMatch15.1svs
ORciscoiosMatch15.1svt
ORciscoiosMatch15.3jpr
ORciscocisco_ios_xe_softwareMatch3.6e
ORciscocisco_ios_xe_softwareMatch3.7e
ORciscocisco_ios_xe_softwareMatch16.9
ORciscocisco_ios_xe_softwareMatch16.10
ORciscocisco_ios_xe_softwareMatch16.11
ORciscocisco_ios_xe_softwareMatch16.12
ORciscocisco_ios_xe_softwareMatch17.1
ORciscocisco_ios_xe_softwareMatch17.2
ORciscoiosMatch15.0\(1\)ey
ORciscoiosMatch15.0\(1\)ey1
ORciscoiosMatch15.0\(1\)ey2
ORciscoiosMatch15.0\(2\)ea
ORciscoiosMatch15.0\(2\)ea1
ORciscoiosMatch15.2\(2\)e
ORciscoiosMatch15.2\(2\)e1
ORciscoiosMatch15.2\(2b\)e
ORciscoiosMatch15.2\(3\)e1
ORciscoiosMatch15.2\(2\)e2
ORciscoiosMatch15.2\(2\)e3
ORciscoiosMatch15.2\(2a\)e2
ORciscoiosMatch15.2\(3\)e2
ORciscoiosMatch15.2\(3\)e3
ORciscoiosMatch15.2\(2\)e4
ORciscoiosMatch15.2\(2\)e5
ORciscoiosMatch15.2\(3\)e4
ORciscoiosMatch15.2\(5\)e
ORciscoiosMatch15.2\(2\)e6
ORciscoiosMatch15.2\(5\)e1
ORciscoiosMatch15.2\(2\)e5a
ORciscoiosMatch15.2\(2\)e5b
ORciscoiosMatch15.2\(5a\)e1
ORciscoiosMatch15.2\(2\)e7
ORciscoiosMatch15.2\(5\)e2
ORciscoiosMatch15.2\(6\)e
ORciscoiosMatch15.2\(5\)e2c
ORciscoiosMatch15.2\(2\)e8
ORciscoiosMatch15.2\(6\)e0a
ORciscoiosMatch15.2\(6\)e1
ORciscoiosMatch15.2\(6\)e0c
ORciscoiosMatch15.2\(2\)e9
ORciscoiosMatch15.2\(6\)e1a
ORciscoiosMatch15.2\(6\)e1s
ORciscoiosMatch15.2\(2\)e10
ORciscoiosMatch15.2\(7\)e0b
ORciscoiosMatch15.2\(7a\)e0b
ORciscoiosMatch15.2\(7b\)e0b
ORciscoiosMatch15.2\(4\)e10e
ORciscoiosMatch15.2\(1\)ey
ORciscoiosMatch15.2\(4\)jaz
ORciscoiosMatch15.2\(2\)eb
ORciscoiosMatch15.2\(2\)eb1
ORciscoiosMatch15.2\(2\)eb2
ORciscoiosMatch15.2\(2\)ea
ORciscoiosMatch15.2\(2\)ea1
ORciscoiosMatch15.2\(2\)ea2
ORciscoiosMatch15.2\(3\)ea
ORciscoiosMatch15.2\(4\)ea
ORciscoiosMatch15.2\(4\)ea1
ORciscoiosMatch15.2\(2\)ea3
ORciscoiosMatch15.2\(4\)ea3
ORciscoiosMatch15.2\(5\)ea
ORciscoiosMatch15.2\(4\)ea4
ORciscoiosMatch15.2\(4\)ea2
ORciscoiosMatch15.2\(4\)ea5
ORciscoiosMatch15.2\(4\)ea6
ORciscoiosMatch15.2\(4\)ea7
ORciscoiosMatch15.2\(4\)ea8
ORciscoiosMatch15.2\(4\)ea9
ORciscoiosMatch15.2\(4\)ea9a
ORciscoiosMatch15.2\(4\)ea10
ORciscoiosMatch15.3\(3\)jn
ORciscoiosMatch15.3\(3\)jn3
ORciscoiosMatch15.3\(3\)jn4
ORciscoiosMatch15.3\(3\)jn6
ORciscoiosMatch15.3\(3\)jn7
ORciscoiosMatch15.3\(3\)jn8
ORciscoiosMatch15.3\(3\)jn9
ORciscoiosMatch15.3\(3\)jn11
ORciscoiosMatch15.3\(3\)jn13
ORciscoiosMatch15.3\(3\)jn14
ORciscoiosMatch15.3\(3\)jn15
ORciscoiosMatch15.3\(3\)ja1
ORciscoiosMatch15.3\(3\)ja4
ORciscoiosMatch15.3\(3\)ja5
ORciscoiosMatch15.3\(3\)ja6
ORciscoiosMatch15.3\(3\)ja7
ORciscoiosMatch15.3\(3\)ja8
ORciscoiosMatch15.3\(3\)ja10
ORciscoiosMatch15.3\(3\)ja11
ORciscoiosMatch15.3\(3\)ja12
ORciscoiosMatch15.3\(3\)jaa
ORciscoiosMatch15.3\(3\)jb
ORciscoiosMatch15.3\(3\)jnb
ORciscoiosMatch15.3\(3\)jnb1
ORciscoiosMatch15.3\(3\)jnb2
ORciscoiosMatch15.3\(3\)jnb3
ORciscoiosMatch15.3\(3\)jnb4
ORciscoiosMatch15.3\(3\)jnb6
ORciscoiosMatch15.3\(3\)jnb5
ORciscoiosMatch15.3\(3\)jax
ORciscoiosMatch15.3\(3\)jax1
ORciscoiosMatch15.3\(3\)jax2
ORciscoiosMatch15.3\(3\)jbb
ORciscoiosMatch15.3\(3\)jbb1
ORciscoiosMatch15.3\(3\)jbb2
ORciscoiosMatch15.3\(3\)jbb4
ORciscoiosMatch15.3\(3\)jbb5
ORciscoiosMatch15.3\(3\)jbb6
ORciscoiosMatch15.3\(3\)jbb8
ORciscoiosMatch15.3\(3\)jbb6a
ORciscoiosMatch15.3\(3\)jc
ORciscoiosMatch15.3\(3\)jc1
ORciscoiosMatch15.3\(3\)jc2
ORciscoiosMatch15.3\(3\)jc3
ORciscoiosMatch15.3\(3\)jc4
ORciscoiosMatch15.3\(3\)jc5
ORciscoiosMatch15.3\(3\)jc6
ORciscoiosMatch15.3\(3\)jc8
ORciscoiosMatch15.3\(3\)jc9
ORciscoiosMatch15.3\(3\)jc14
ORciscoiosMatch15.3\(3\)jnc
ORciscoiosMatch15.3\(3\)jnc1
ORciscoiosMatch15.3\(3\)jnc2
ORciscoiosMatch15.3\(3\)jnc3
ORciscoiosMatch15.3\(3\)jnc4
ORciscoiosMatch15.3\(3\)jnp
ORciscoiosMatch15.3\(3\)jnp1
ORciscoiosMatch15.3\(3\)jnp3
ORciscoiosMatch15.3\(3\)jpb
ORciscoiosMatch15.3\(3\)jpb1
ORciscoiosMatch15.3\(3\)jd
ORciscoiosMatch15.3\(3\)jd2
ORciscoiosMatch15.3\(3\)jd3
ORciscoiosMatch15.3\(3\)jd4
ORciscoiosMatch15.3\(3\)jd5
ORciscoiosMatch15.3\(3\)jd6
ORciscoiosMatch15.3\(3\)jd7
ORciscoiosMatch15.3\(3\)jd8
ORciscoiosMatch15.3\(3\)jd9
ORciscoiosMatch15.3\(3\)jd11
ORciscoiosMatch15.3\(3\)jd12
ORciscoiosMatch15.3\(3\)jd13
ORciscoiosMatch15.3\(3\)jd14
ORciscoiosMatch15.3\(3\)jd16
ORciscoiosMatch15.3\(3\)jd17
ORciscoiosMatch15.2\(4\)ec1
ORciscoiosMatch15.2\(4\)ec2
ORciscoiosMatch15.3\(3\)jpc
ORciscoiosMatch15.3\(3\)jpc1
ORciscoiosMatch15.3\(3\)jpc2
ORciscoiosMatch15.3\(3\)jpc3
ORciscoiosMatch15.3\(3\)jpc5
ORciscoiosMatch15.3\(3\)jnd
ORciscoiosMatch15.3\(3\)jnd1
ORciscoiosMatch15.3\(3\)jnd2
ORciscoiosMatch15.3\(3\)jnd3
ORciscoiosMatch15.3\(3\)je
ORciscoiosMatch15.3\(3\)jpd
ORciscoiosMatch15.3\(3\)jf
ORciscoiosMatch15.3\(3\)jf1
ORciscoiosMatch15.3\(3\)jf2
ORciscoiosMatch15.3\(3\)jf4
ORciscoiosMatch15.3\(3\)jf5
ORciscoiosMatch15.3\(3\)jf6
ORciscoiosMatch15.3\(3\)jf7
ORciscoiosMatch15.3\(3\)jf8
ORciscoiosMatch15.3\(3\)jf9
ORciscoiosMatch15.3\(3\)jf10
ORciscoiosMatch15.3\(3\)jf11
ORciscoiosMatch15.3\(3\)jf12
ORciscoiosMatch15.3\(3\)jf13
ORciscoiosMatch15.3\(3\)jf12i
ORciscoiosMatch15.3\(3\)jg
ORciscoiosMatch15.3\(3\)jg1
ORciscoiosMatch15.3\(3\)jh
ORciscoiosMatch15.3\(3\)jh1
ORciscoiosMatch15.3\(3\)ji1
ORciscoiosMatch15.3\(3\)ji3
ORciscoiosMatch15.3\(3\)ji4
ORciscoiosMatch15.3\(3\)ji5
ORciscoiosMatch15.3\(3\)ji6
ORciscoiosMatch15.3\(3\)jk
ORciscoiosMatch15.3\(3\)jk1
ORciscoiosMatch15.3\(3\)jk2
ORciscoiosMatch15.3\(3\)jk3
ORciscoiosMatch15.3\(3\)jk2a
ORciscoiosMatch15.3\(3\)jk1t
ORciscoiosMatch15.3\(3\)jk4
ORciscoiosMatch15.3\(3\)jj
ORciscoiosMatch15.3\(3\)jj1
ORciscoiosMatch15.3\(3\)jpj
ORciscoiosMatch15.1\(3\)svs
ORciscoiosMatch15.1\(3\)svt1
ORciscoiosMatch15.3\(3\)jpr1
ORciscocisco_ios_xe_softwareMatch3.6.5be
ORciscocisco_ios_xe_softwareMatch3.7.4e
ORciscocisco_ios_xe_softwareMatch3.7.5e
ORciscocisco_ios_xe_softwareMatch16.9.1
ORciscocisco_ios_xe_softwareMatch16.9.1d
ORciscocisco_ios_xe_softwareMatch16.10.1
ORciscocisco_ios_xe_softwareMatch16.10.1e
ORciscocisco_ios_xe_softwareMatch16.11.1
ORciscocisco_ios_xe_softwareMatch16.11.1a
ORciscocisco_ios_xe_softwareMatch16.11.2
ORciscocisco_ios_xe_softwareMatch16.11.1s
ORciscocisco_ios_xe_softwareMatch16.11.1c
ORciscocisco_ios_xe_softwareMatch16.12.1
ORciscocisco_ios_xe_softwareMatch16.12.1s
ORciscocisco_ios_xe_softwareMatch16.12.1c
ORciscocisco_ios_xe_softwareMatch16.12.2
ORciscocisco_ios_xe_softwareMatch16.12.3
ORciscocisco_ios_xe_softwareMatch16.12.2s
ORciscocisco_ios_xe_softwareMatch16.12.2t
ORciscocisco_ios_xe_softwareMatch16.12.4
ORciscocisco_ios_xe_softwareMatch16.12.3s
ORciscocisco_ios_xe_softwareMatch17.1.1
ORciscocisco_ios_xe_softwareMatch17.1.1s
ORciscocisco_ios_xe_softwareMatch17.1.2
ORciscocisco_ios_xe_softwareMatch17.1.1t
ORciscocisco_ios_xe_softwareMatch17.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | ios | 15.0ey | cpe:2.3:o:cisco:ios:15.0ey:*:*:*:*:*:*:* |
| cisco | ios | 15.0ea | cpe:2.3:o:cisco:ios:15.0ea:*:*:*:*:*:*:* |
| cisco | ios | 15.2e | cpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:* |
| cisco | ios | 15.2ey | cpe:2.3:o:cisco:ios:15.2ey:*:*:*:*:*:*:* |
| cisco | ios | 15.2jaz | cpe:2.3:o:cisco:ios:15.2jaz:*:*:*:*:*:*:* |
| cisco | ios | 15.2eb | cpe:2.3:o:cisco:ios:15.2eb:*:*:*:*:*:*:* |
| cisco | ios | 15.2ea | cpe:2.3:o:cisco:ios:15.2ea:*:*:*:*:*:*:* |
| cisco | ios | 15.3jn | cpe:2.3:o:cisco:ios:15.3jn:*:*:*:*:*:*:* |
| cisco | ios | 15.3ja | cpe:2.3:o:cisco:ios:15.3ja:*:*:*:*:*:*:* |
| cisco | ios | 15.3jaa | cpe:2.3:o:cisco:ios:15.3jaa:*:*:*:*:*:*:* |
Related
nessus
nessus
nvd
nvd
CVE-2021-1392
2021-03-24 20:15:14
cvelist
cvelist
cve
cve
CVE-2021-1392
2021-03-24 20:15:14
prion
prion
Command injection
2021-03-24 20:15:00
ics
ics
Rockwell Automation Stratix Switches
2021-04-20 12:00:00