Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2021-1392
HistoryMar 24, 2021 - 8:15 p.m.

CVE-2021-1392

2021-03-2420:15:14
CWE-522
cisco
web.nvd.nist.gov
44
cve-2021-1392
cisco
ios
ios xe
vulnerability
password retrieval
cip
remote device configuration

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device.

Affected configurations

Nvd
Node
ciscoiosMatch15.0\(1\)ey
OR
ciscoiosMatch15.0\(1\)ey1
OR
ciscoiosMatch15.0\(1\)ey2
OR
ciscoiosMatch15.1\(3\)svs
OR
ciscoiosMatch15.1\(3\)svt1
OR
ciscoiosMatch15.2\(1\)ey
OR
ciscoiosMatch15.2\(2\)e
OR
ciscoiosMatch15.2\(2\)e1
OR
ciscoiosMatch15.2\(2\)e2
OR
ciscoiosMatch15.2\(2\)e3
OR
ciscoiosMatch15.2\(2\)e4
OR
ciscoiosMatch15.2\(2\)e5
OR
ciscoiosMatch15.2\(2\)e5a
OR
ciscoiosMatch15.2\(2\)e5b
OR
ciscoiosMatch15.2\(2\)e6
OR
ciscoiosMatch15.2\(2\)e7
OR
ciscoiosMatch15.2\(2\)e7b
OR
ciscoiosMatch15.2\(2\)e8
OR
ciscoiosMatch15.2\(2\)e9
OR
ciscoiosMatch15.2\(2\)e10
OR
ciscoiosMatch15.2\(2\)ea
OR
ciscoiosMatch15.2\(2\)ea1
OR
ciscoiosMatch15.2\(2\)ea2
OR
ciscoiosMatch15.2\(2\)ea3
OR
ciscoiosMatch15.2\(2\)eb
OR
ciscoiosMatch15.2\(2\)eb1
OR
ciscoiosMatch15.2\(2\)eb2
OR
ciscoiosMatch15.2\(2a\)e2
OR
ciscoiosMatch15.2\(2b\)e
OR
ciscoiosMatch15.2\(3\)e1
OR
ciscoiosMatch15.2\(3\)e2
OR
ciscoiosMatch15.2\(3\)e3
OR
ciscoiosMatch15.2\(3\)e4
OR
ciscoiosMatch15.2\(3\)e5
OR
ciscoiosMatch15.2\(3\)ea
OR
ciscoiosMatch15.2\(4\)e5a
OR
ciscoiosMatch15.2\(4\)ea
OR
ciscoiosMatch15.2\(4\)ea1
OR
ciscoiosMatch15.2\(4\)ea2
OR
ciscoiosMatch15.2\(4\)ea3
OR
ciscoiosMatch15.2\(4\)ea4
OR
ciscoiosMatch15.2\(4\)ea5
OR
ciscoiosMatch15.2\(4\)ea6
OR
ciscoiosMatch15.2\(4\)ea7
OR
ciscoiosMatch15.2\(4\)ea8
OR
ciscoiosMatch15.2\(4\)ea9
OR
ciscoiosMatch15.2\(4\)ea9a
OR
ciscoiosMatch15.2\(4\)ea10
OR
ciscoiosMatch15.2\(4\)ec1
OR
ciscoiosMatch15.2\(4\)ec2
OR
ciscoiosMatch15.2\(4\)jaz
OR
ciscoiosMatch15.2\(5\)e
OR
ciscoiosMatch15.2\(5\)e1
OR
ciscoiosMatch15.2\(5\)e2
OR
ciscoiosMatch15.2\(5\)e2b
OR
ciscoiosMatch15.2\(5\)e2c
OR
ciscoiosMatch15.2\(5\)ea
OR
ciscoiosMatch15.2\(5a\)e1
OR
ciscoiosMatch15.2\(6\)e
OR
ciscoiosMatch15.2\(6\)e0a
OR
ciscoiosMatch15.2\(6\)e0c
OR
ciscoiosMatch15.2\(6\)e1
OR
ciscoiosMatch15.2\(6\)e1a
OR
ciscoiosMatch15.2\(6\)e1s
OR
ciscoiosMatch15.2\(7\)e0b
OR
ciscoiosMatch15.2\(7a\)e0b
OR
ciscoiosMatch15.2\(7b\)e0b
OR
ciscoiosMatch15.3\(3\)ja1
OR
ciscoiosMatch15.3\(3\)ja4
OR
ciscoiosMatch15.3\(3\)ja5
OR
ciscoiosMatch15.3\(3\)ja6
OR
ciscoiosMatch15.3\(3\)ja7
OR
ciscoiosMatch15.3\(3\)ja8
OR
ciscoiosMatch15.3\(3\)ja10
OR
ciscoiosMatch15.3\(3\)ja11
OR
ciscoiosMatch15.3\(3\)ja12
OR
ciscoiosMatch15.3\(3\)jaa
OR
ciscoiosMatch15.3\(3\)jax
OR
ciscoiosMatch15.3\(3\)jax1
OR
ciscoiosMatch15.3\(3\)jax2
OR
ciscoiosMatch15.3\(3\)jb
OR
ciscoiosMatch15.3\(3\)jbb
OR
ciscoiosMatch15.3\(3\)jbb1
OR
ciscoiosMatch15.3\(3\)jbb2
OR
ciscoiosMatch15.3\(3\)jbb4
OR
ciscoiosMatch15.3\(3\)jbb5
OR
ciscoiosMatch15.3\(3\)jbb6
OR
ciscoiosMatch15.3\(3\)jbb6a
OR
ciscoiosMatch15.3\(3\)jbb8
OR
ciscoiosMatch15.3\(3\)jc
OR
ciscoiosMatch15.3\(3\)jc1
OR
ciscoiosMatch15.3\(3\)jc2
OR
ciscoiosMatch15.3\(3\)jc3
OR
ciscoiosMatch15.3\(3\)jc4
OR
ciscoiosMatch15.3\(3\)jc5
OR
ciscoiosMatch15.3\(3\)jc6
OR
ciscoiosMatch15.3\(3\)jc8
OR
ciscoiosMatch15.3\(3\)jc9
OR
ciscoiosMatch15.3\(3\)jc14
OR
ciscoiosMatch15.3\(3\)jd
OR
ciscoiosMatch15.3\(3\)jd2
OR
ciscoiosMatch15.3\(3\)jd3
OR
ciscoiosMatch15.3\(3\)jd4
OR
ciscoiosMatch15.3\(3\)jd5
OR
ciscoiosMatch15.3\(3\)jd6
OR
ciscoiosMatch15.3\(3\)jd7
OR
ciscoiosMatch15.3\(3\)jd8
OR
ciscoiosMatch15.3\(3\)jd9
OR
ciscoiosMatch15.3\(3\)jd11
OR
ciscoiosMatch15.3\(3\)jd12
OR
ciscoiosMatch15.3\(3\)jd13
OR
ciscoiosMatch15.3\(3\)jd14
OR
ciscoiosMatch15.3\(3\)jd16
OR
ciscoiosMatch15.3\(3\)jd17
OR
ciscoiosMatch15.3\(3\)je
OR
ciscoiosMatch15.3\(3\)jf
OR
ciscoiosMatch15.3\(3\)jf1
OR
ciscoiosMatch15.3\(3\)jf2
OR
ciscoiosMatch15.3\(3\)jf4
OR
ciscoiosMatch15.3\(3\)jf5
OR
ciscoiosMatch15.3\(3\)jf6
OR
ciscoiosMatch15.3\(3\)jf7
OR
ciscoiosMatch15.3\(3\)jf8
OR
ciscoiosMatch15.3\(3\)jf9
OR
ciscoiosMatch15.3\(3\)jf10
OR
ciscoiosMatch15.3\(3\)jf11
OR
ciscoiosMatch15.3\(3\)jf12
OR
ciscoiosMatch15.3\(3\)jf12i
OR
ciscoiosMatch15.3\(3\)jf13
OR
ciscoiosMatch15.3\(3\)jg
OR
ciscoiosMatch15.3\(3\)jg1
OR
ciscoiosMatch15.3\(3\)jh
OR
ciscoiosMatch15.3\(3\)jh1
OR
ciscoiosMatch15.3\(3\)ji1
OR
ciscoiosMatch15.3\(3\)ji3
OR
ciscoiosMatch15.3\(3\)ji4
OR
ciscoiosMatch15.3\(3\)ji5
OR
ciscoiosMatch15.3\(3\)ji6
OR
ciscoiosMatch15.3\(3\)jj
OR
ciscoiosMatch15.3\(3\)jj1
OR
ciscoiosMatch15.3\(3\)jk
OR
ciscoiosMatch15.3\(3\)jk1
OR
ciscoiosMatch15.3\(3\)jk1t
OR
ciscoiosMatch15.3\(3\)jk2
OR
ciscoiosMatch15.3\(3\)jk2a
OR
ciscoiosMatch15.3\(3\)jk3
OR
ciscoiosMatch15.3\(3\)jk4
OR
ciscoiosMatch15.3\(3\)jn
OR
ciscoiosMatch15.3\(3\)jn3
OR
ciscoiosMatch15.3\(3\)jn4
OR
ciscoiosMatch15.3\(3\)jn6
OR
ciscoiosMatch15.3\(3\)jn7
OR
ciscoiosMatch15.3\(3\)jn8
OR
ciscoiosMatch15.3\(3\)jn9
OR
ciscoiosMatch15.3\(3\)jn11
OR
ciscoiosMatch15.3\(3\)jn13
OR
ciscoiosMatch15.3\(3\)jn14
OR
ciscoiosMatch15.3\(3\)jn15
OR
ciscoiosMatch15.3\(3\)jnb
OR
ciscoiosMatch15.3\(3\)jnb1
OR
ciscoiosMatch15.3\(3\)jnb2
OR
ciscoiosMatch15.3\(3\)jnb3
OR
ciscoiosMatch15.3\(3\)jnb4
OR
ciscoiosMatch15.3\(3\)jnb5
OR
ciscoiosMatch15.3\(3\)jnb6
OR
ciscoiosMatch15.3\(3\)jnc
OR
ciscoiosMatch15.3\(3\)jnc1
OR
ciscoiosMatch15.3\(3\)jnc2
OR
ciscoiosMatch15.3\(3\)jnc3
OR
ciscoiosMatch15.3\(3\)jnc4
OR
ciscoiosMatch15.3\(3\)jnd
OR
ciscoiosMatch15.3\(3\)jnd1
OR
ciscoiosMatch15.3\(3\)jnd2
OR
ciscoiosMatch15.3\(3\)jnd3
OR
ciscoiosMatch15.3\(3\)jnp
OR
ciscoiosMatch15.3\(3\)jnp1
OR
ciscoiosMatch15.3\(3\)jnp3
OR
ciscoiosMatch15.3\(3\)jpb
OR
ciscoiosMatch15.3\(3\)jpb1
OR
ciscoiosMatch15.3\(3\)jpc
OR
ciscoiosMatch15.3\(3\)jpc1
OR
ciscoiosMatch15.3\(3\)jpc2
OR
ciscoiosMatch15.3\(3\)jpc3
OR
ciscoiosMatch15.3\(3\)jpc5
OR
ciscoiosMatch15.3\(3\)jpd
OR
ciscoios_xeMatch3.3.0xo
OR
ciscoios_xeMatch3.3.1xo
OR
ciscoios_xeMatch3.3.2xo
OR
ciscoios_xeMatch3.6.5be
OR
ciscoios_xeMatch3.7.4e
OR
ciscoios_xeMatch3.7.5e
OR
ciscoios_xeMatch16.9.1
OR
ciscoios_xeMatch16.9.1d
OR
ciscoios_xeMatch16.10.1
OR
ciscoios_xeMatch16.10.1e
OR
ciscoios_xeMatch16.11.1
OR
ciscoios_xeMatch16.11.1a
OR
ciscoios_xeMatch16.11.1c
OR
ciscoios_xeMatch16.11.1s
OR
ciscoios_xeMatch16.11.2
OR
ciscoios_xeMatch16.12.1
OR
ciscoios_xeMatch16.12.1c
OR
ciscoios_xeMatch16.12.1s
OR
ciscoios_xeMatch16.12.2
OR
ciscoios_xeMatch16.12.2s
OR
ciscoios_xeMatch16.12.2t
OR
ciscoios_xeMatch16.12.3
OR
ciscoios_xeMatch16.12.3s
OR
ciscoios_xeMatch16.12.4
OR
ciscoios_xeMatch17.1.1
OR
ciscoios_xeMatch17.1.1s
OR
ciscoios_xeMatch17.1.1t
OR
ciscoios_xeMatch17.1.2
OR
ciscoios_xeMatch17.2.1
VendorProductVersionCPE
ciscoios15.0(1)eycpe:2.3:o:cisco:ios:15.0\(1\)ey:*:*:*:*:*:*:*
ciscoios15.0(1)ey1cpe:2.3:o:cisco:ios:15.0\(1\)ey1:*:*:*:*:*:*:*
ciscoios15.0(1)ey2cpe:2.3:o:cisco:ios:15.0\(1\)ey2:*:*:*:*:*:*:*
ciscoios15.1(3)svscpe:2.3:o:cisco:ios:15.1\(3\)svs:*:*:*:*:*:*:*
ciscoios15.1(3)svt1cpe:2.3:o:cisco:ios:15.1\(3\)svt1:*:*:*:*:*:*:*
ciscoios15.2(1)eycpe:2.3:o:cisco:ios:15.2\(1\)ey:*:*:*:*:*:*:*
ciscoios15.2(2)ecpe:2.3:o:cisco:ios:15.2\(2\)e:*:*:*:*:*:*:*
ciscoios15.2(2)e1cpe:2.3:o:cisco:ios:15.2\(2\)e1:*:*:*:*:*:*:*
ciscoios15.2(2)e2cpe:2.3:o:cisco:ios:15.2\(2\)e2:*:*:*:*:*:*:*
ciscoios15.2(2)e3cpe:2.3:o:cisco:ios:15.2\(2\)e3:*:*:*:*:*:*:*
Rows per page:
1-10 of 2141

CNA Affected

[
  {
    "product": "Cisco IOS",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

nessus 2
nvd 1
cvelist 1
cisco 1
prion 1
ics 1
nessus
nessus
Cisco IOS Software Common Industrial Protocol Privilege Escalation (cisco-sa-XE-SAP-OPLbze68)
2021-03-30 00:00:00
Cisco IOS XE Software Common Industrial Protocol Privilege Escalation (cisco-sa-XE-SAP-OPLbze68)
2021-03-30 00:00:00
nvd
nvd
CVE-2021-1392
2021-03-24 20:15:14
cvelist
cvelist
CVE-2021-1392 Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability
2021-03-24 20:07:19
cisco
cisco
Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability
2021-03-24 16:00:00
prion
prion
Command injection
2021-03-24 20:15:00
ics
ics
Rockwell Automation Stratix Switches
2021-04-20 12:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2021-1392
nessus2nvd1cvelist1cisco1prion1ics1