Lucene search
CiscoCISCO-SA-XESDWPINJ-V4WEEQZUHistoryMar 24, 2021 - 4:00 p.m.
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
2021-03-2416:00:00
tools.cisco.com
67
cisco
cli
vulnerability
operating system
software updates
EPSS
0
Percentile
5.1%
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges.
These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwpinj-V4weeqzU [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwpinj-V4weeqzU”]
Affected configurations
Node
ciscocisco_ios_xe_softwareMatch16.9
ORciscocisco_ios_xe_softwareMatch16.10
ORciscocisco_ios_xe_softwareMatch16.11
ORciscocisco_ios_xe_softwareMatch16.12
ORciscocisco_ios_xe_softwareMatch17.1
ORciscocisco_ios_xe_softwareMatch17.2
ORciscocisco_ios_xe_softwareMatch17.3
ORciscocisco_ios_xe_softwareMatch17.4
ORciscocisco_ios_xe_softwareMatchany
ORciscoios_xe_sd-wanMatchany
ORciscocisco_ios_xe_softwareMatch16.9.1
ORciscocisco_ios_xe_softwareMatch16.9.2
ORciscocisco_ios_xe_softwareMatch16.9.3
ORciscocisco_ios_xe_softwareMatch16.9.4
ORciscocisco_ios_xe_softwareMatch16.10.1
ORciscocisco_ios_xe_softwareMatch16.10.1a
ORciscocisco_ios_xe_softwareMatch16.10.1b
ORciscocisco_ios_xe_softwareMatch16.10.1s
ORciscocisco_ios_xe_softwareMatch16.10.1c
ORciscocisco_ios_xe_softwareMatch16.10.1e
ORciscocisco_ios_xe_softwareMatch16.10.1d
ORciscocisco_ios_xe_softwareMatch16.10.2
ORciscocisco_ios_xe_softwareMatch16.10.1f
ORciscocisco_ios_xe_softwareMatch16.10.1g
ORciscocisco_ios_xe_softwareMatch16.10.3
ORciscocisco_ios_xe_softwareMatch16.11.1
ORciscocisco_ios_xe_softwareMatch16.11.1a
ORciscocisco_ios_xe_softwareMatch16.11.1b
ORciscocisco_ios_xe_softwareMatch16.11.2
ORciscocisco_ios_xe_softwareMatch16.11.1s
ORciscocisco_ios_xe_softwareMatch16.11.1c
ORciscocisco_ios_xe_softwareMatch16.12.1
ORciscocisco_ios_xe_softwareMatch16.12.1s
ORciscocisco_ios_xe_softwareMatch16.12.1a
ORciscocisco_ios_xe_softwareMatch16.12.1c
ORciscocisco_ios_xe_softwareMatch16.12.1w
ORciscocisco_ios_xe_softwareMatch16.12.2
ORciscocisco_ios_xe_softwareMatch16.12.1y
ORciscocisco_ios_xe_softwareMatch16.12.2a
ORciscocisco_ios_xe_softwareMatch16.12.3
ORciscocisco_ios_xe_softwareMatch16.12.2s
ORciscocisco_ios_xe_softwareMatch16.12.1x
ORciscocisco_ios_xe_softwareMatch16.12.1t
ORciscocisco_ios_xe_softwareMatch16.12.2t
ORciscocisco_ios_xe_softwareMatch16.12.4
ORciscocisco_ios_xe_softwareMatch16.12.3s
ORciscocisco_ios_xe_softwareMatch16.12.1z
ORciscocisco_ios_xe_softwareMatch16.12.3a
ORciscocisco_ios_xe_softwareMatch16.12.4a
ORciscocisco_ios_xe_softwareMatch16.12.5
ORciscocisco_ios_xe_softwareMatch16.12.1z1
ORciscocisco_ios_xe_softwareMatch16.12.5b
ORciscocisco_ios_xe_softwareMatch17.1.1
ORciscocisco_ios_xe_softwareMatch17.1.1a
ORciscocisco_ios_xe_softwareMatch17.1.1s
ORciscocisco_ios_xe_softwareMatch17.1.2
ORciscocisco_ios_xe_softwareMatch17.1.1t
ORciscocisco_ios_xe_softwareMatch17.1.3
ORciscocisco_ios_xe_softwareMatch17.2.1
ORciscocisco_ios_xe_softwareMatch17.2.1r
ORciscocisco_ios_xe_softwareMatch17.2.1a
ORciscocisco_ios_xe_softwareMatch17.2.1v
ORciscocisco_ios_xe_softwareMatch17.2.2
ORciscocisco_ios_xe_softwareMatch17.3.1
ORciscocisco_ios_xe_softwareMatch17.3.2
ORciscocisco_ios_xe_softwareMatch17.3.1a
ORciscocisco_ios_xe_softwareMatch17.3.1w
ORciscocisco_ios_xe_softwareMatch17.3.2a
ORciscocisco_ios_xe_softwareMatch17.3.1x
ORciscocisco_ios_xe_softwareMatch17.4.1
ORciscocisco_ios_xe_softwareMatch17.4.1a
ORciscocisco_ios_xe_softwareMatchany
ORciscoios_xe_sd-wanMatchany
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | cisco_ios_xe_software | 16.9 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.9:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.10 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.10:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.11 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.11:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 16.12 | cpe:2.3:a:cisco:cisco_ios_xe_software:16.12:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.1 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.1:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.2 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.2:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.3 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.3:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.4 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.4:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | any | cpe:2.3:a:cisco:cisco_ios_xe_software:any:*:*:*:*:*:*:* |
| cisco | ios_xe_sd-wan | any | cpe:2.3:o:cisco:ios_xe_sd-wan:any:*:*:*:*:*:*:* |
Related
nessus
nessus
cvelist
cvelist
nvd
nvd
CVE-2021-1454
2021-03-24 20:15:15
CVE-2021-1383
2021-03-24 20:15:13
prion
prion
Input validation
2021-03-24 20:15:00
Input validation
2021-03-24 20:15:00
cve
cve
CVE-2021-1383
2021-03-24 20:15:13
CVE-2021-1454
2021-03-24 20:15:15