Lucene search

CiscoCVE-2021-1398

HistoryMar 24, 2021 - 8:15 p.m.

CVE-2021-1398

2021-03-2420:15:14

CWE-489

cisco

web.nvd.nist.gov

cisco

ios xe

vulnerability

authenticated

local attacker

unauthenticated attacker

arbitrary code

linux operating system

cve-2021-1398

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

34.3%

JSON

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device.

Affected configurations

Nvd

Node

ciscoios_xeMatch3.7.0bs

ciscoios_xeMatch3.7.0s

ciscoios_xeMatch3.7.0xas

ciscoios_xeMatch3.7.0xbs

ciscoios_xeMatch3.7.1as

ciscoios_xeMatch3.7.1s

ciscoios_xeMatch3.7.2s

ciscoios_xeMatch3.7.2ts

ciscoios_xeMatch3.7.3s

ciscoios_xeMatch3.7.4as

ciscoios_xeMatch3.7.4s

ciscoios_xeMatch3.7.5s

ciscoios_xeMatch3.7.6s

ciscoios_xeMatch3.7.7s

ciscoios_xeMatch3.7.8s

ciscoios_xeMatch3.8.0s

ciscoios_xeMatch3.8.1s

ciscoios_xeMatch3.8.2s

ciscoios_xeMatch3.9.0as

ciscoios_xeMatch3.9.0s

ciscoios_xeMatch3.9.0xas

ciscoios_xeMatch3.9.1as

ciscoios_xeMatch3.9.1s

ciscoios_xeMatch3.9.2s

ciscoios_xeMatch3.10.0s

ciscoios_xeMatch3.10.1s

ciscoios_xeMatch3.10.1xbs

ciscoios_xeMatch3.10.1xcs

ciscoios_xeMatch3.10.2as

ciscoios_xeMatch3.10.2s

ciscoios_xeMatch3.10.2ts

ciscoios_xeMatch3.10.3s

ciscoios_xeMatch3.10.4s

ciscoios_xeMatch3.10.5s

ciscoios_xeMatch3.10.6s

ciscoios_xeMatch3.10.7s

ciscoios_xeMatch3.10.8as

ciscoios_xeMatch3.10.8s

ciscoios_xeMatch3.10.9s

ciscoios_xeMatch3.10.10s

ciscoios_xeMatch3.11.0s

ciscoios_xeMatch3.11.1s

ciscoios_xeMatch3.11.2s

ciscoios_xeMatch3.11.3s

ciscoios_xeMatch3.11.4s

ciscoios_xeMatch3.12.0as

ciscoios_xeMatch3.12.0s

ciscoios_xeMatch3.12.1s

ciscoios_xeMatch3.12.2s

ciscoios_xeMatch3.12.3s

ciscoios_xeMatch3.12.4s

ciscoios_xeMatch3.13.0as

ciscoios_xeMatch3.13.0s

ciscoios_xeMatch3.13.1s

ciscoios_xeMatch3.13.2as

ciscoios_xeMatch3.13.2s

ciscoios_xeMatch3.13.3s

ciscoios_xeMatch3.13.4s

ciscoios_xeMatch3.13.5as

ciscoios_xeMatch3.13.5s

ciscoios_xeMatch3.13.6as

ciscoios_xeMatch3.13.6bs

ciscoios_xeMatch3.13.6s

ciscoios_xeMatch3.13.7as

ciscoios_xeMatch3.13.7s

ciscoios_xeMatch3.13.8s

ciscoios_xeMatch3.13.9s

ciscoios_xeMatch3.13.10s

ciscoios_xeMatch3.14.0s

ciscoios_xeMatch3.14.1s

ciscoios_xeMatch3.14.2s

ciscoios_xeMatch3.14.3s

ciscoios_xeMatch3.14.4s

ciscoios_xeMatch3.15.0s

ciscoios_xeMatch3.15.1cs

ciscoios_xeMatch3.15.1s

ciscoios_xeMatch3.15.1xbs

ciscoios_xeMatch3.15.2s

ciscoios_xeMatch3.15.2xbs

ciscoios_xeMatch3.15.3s

ciscoios_xeMatch3.15.4s

ciscoios_xeMatch3.16.0as

ciscoios_xeMatch3.16.0bs

ciscoios_xeMatch3.16.0cs

ciscoios_xeMatch3.16.0s

ciscoios_xeMatch3.16.1as

ciscoios_xeMatch3.16.1s

ciscoios_xeMatch3.16.2as

ciscoios_xeMatch3.16.2bs

ciscoios_xeMatch3.16.2s

ciscoios_xeMatch3.16.3as

ciscoios_xeMatch3.16.3s

ciscoios_xeMatch3.16.4as

ciscoios_xeMatch3.16.4bs

ciscoios_xeMatch3.16.4cs

ciscoios_xeMatch3.16.4ds

ciscoios_xeMatch3.16.4es

ciscoios_xeMatch3.16.4gs

ciscoios_xeMatch3.16.4s

ciscoios_xeMatch3.16.5as

ciscoios_xeMatch3.16.5bs

ciscoios_xeMatch3.16.5s

ciscoios_xeMatch3.16.6bs

ciscoios_xeMatch3.16.6s

ciscoios_xeMatch3.16.7as

ciscoios_xeMatch3.16.7bs

ciscoios_xeMatch3.16.7s

ciscoios_xeMatch3.16.8s

ciscoios_xeMatch3.16.9s

ciscoios_xeMatch3.16.10as

ciscoios_xeMatch3.16.10s

ciscoios_xeMatch3.17.0s

ciscoios_xeMatch3.17.1as

ciscoios_xeMatch3.17.1s

ciscoios_xeMatch3.17.2s

ciscoios_xeMatch3.17.3s

ciscoios_xeMatch3.17.4s

ciscoios_xeMatch3.18.0as

ciscoios_xeMatch3.18.0s

ciscoios_xeMatch3.18.0sp

ciscoios_xeMatch3.18.1asp

ciscoios_xeMatch3.18.1bsp

ciscoios_xeMatch3.18.1csp

ciscoios_xeMatch3.18.1gsp

ciscoios_xeMatch3.18.1hsp

ciscoios_xeMatch3.18.1isp

ciscoios_xeMatch3.18.1s

ciscoios_xeMatch3.18.1sp

ciscoios_xeMatch3.18.2asp

ciscoios_xeMatch3.18.2s

ciscoios_xeMatch3.18.2sp

ciscoios_xeMatch3.18.3asp

ciscoios_xeMatch3.18.3bsp

ciscoios_xeMatch3.18.3s

ciscoios_xeMatch3.18.3sp

ciscoios_xeMatch3.18.4s

ciscoios_xeMatch3.18.4sp

ciscoios_xeMatch3.18.5sp

ciscoios_xeMatch3.18.6sp

ciscoios_xeMatch3.18.7sp

ciscoios_xeMatch3.18.8asp

ciscoios_xeMatch3.18.8sp

ciscoios_xeMatch16.1.1

ciscoios_xeMatch16.1.2

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.2.2

ciscoios_xeMatch16.3.1

ciscoios_xeMatch16.3.1a

ciscoios_xeMatch16.3.2

ciscoios_xeMatch16.3.3

ciscoios_xeMatch16.3.4

ciscoios_xeMatch16.3.5

ciscoios_xeMatch16.3.5b

ciscoios_xeMatch16.3.6

ciscoios_xeMatch16.3.7

ciscoios_xeMatch16.3.8

ciscoios_xeMatch16.3.9

ciscoios_xeMatch16.3.10

ciscoios_xeMatch16.4.1

ciscoios_xeMatch16.4.2

ciscoios_xeMatch16.4.3

ciscoios_xeMatch16.5.1

ciscoios_xeMatch16.5.1a

ciscoios_xeMatch16.5.1b

ciscoios_xeMatch16.5.2

ciscoios_xeMatch16.5.3

ciscoios_xeMatch16.6.1

ciscoios_xeMatch16.6.2

ciscoios_xeMatch16.6.3

ciscoios_xeMatch16.6.4

ciscoios_xeMatch16.6.4a

ciscoios_xeMatch16.6.4s

ciscoios_xeMatch16.6.5

ciscoios_xeMatch16.6.5a

ciscoios_xeMatch16.6.5b

ciscoios_xeMatch16.6.6

ciscoios_xeMatch16.6.7

ciscoios_xeMatch16.6.7a

ciscoios_xeMatch16.6.8

ciscoios_xeMatch16.7.1

ciscoios_xeMatch16.7.1a

ciscoios_xeMatch16.7.1b

ciscoios_xeMatch16.7.2

ciscoios_xeMatch16.7.3

ciscoios_xeMatch16.7.4

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.8.1a

ciscoios_xeMatch16.8.1b

ciscoios_xeMatch16.8.1c

ciscoios_xeMatch16.8.1d

ciscoios_xeMatch16.8.1e

ciscoios_xeMatch16.8.1s

ciscoios_xeMatch16.8.2

ciscoios_xeMatch16.8.3

ciscoios_xeMatch16.9.1

ciscoios_xeMatch16.9.1a

ciscoios_xeMatch16.9.1b

ciscoios_xeMatch16.9.1c

ciscoios_xeMatch16.9.1d

ciscoios_xeMatch16.9.1s

ciscoios_xeMatch16.9.2

ciscoios_xeMatch16.9.2a

ciscoios_xeMatch16.9.2s

ciscoios_xeMatch16.9.3

ciscoios_xeMatch16.9.3a

ciscoios_xeMatch16.9.3h

ciscoios_xeMatch16.9.3s

ciscoios_xeMatch16.9.4

ciscoios_xeMatch16.9.4c

ciscoios_xeMatch16.9.5

ciscoios_xeMatch16.9.5f

ciscoios_xeMatch16.10.1

ciscoios_xeMatch16.10.1a

ciscoios_xeMatch16.10.1b

ciscoios_xeMatch16.10.1c

ciscoios_xeMatch16.10.1d

ciscoios_xeMatch16.10.1e

ciscoios_xeMatch16.10.1f

ciscoios_xeMatch16.10.1g

ciscoios_xeMatch16.10.1s

ciscoios_xeMatch16.10.2

ciscoios_xeMatch16.10.3

ciscoios_xeMatch16.11.1

ciscoios_xeMatch16.11.1a

ciscoios_xeMatch16.11.1b

ciscoios_xeMatch16.11.1c

ciscoios_xeMatch16.11.1s

ciscoios_xeMatch16.11.2

ciscoios_xeMatch16.12.1

ciscoios_xeMatch16.12.1a

ciscoios_xeMatch16.12.1c

ciscoios_xeMatch16.12.1s

ciscoios_xeMatch16.12.1t

ciscoios_xeMatch16.12.1w

ciscoios_xeMatch16.12.1x

ciscoios_xeMatch16.12.1y

ciscoios_xeMatch16.12.1z

ciscoios_xeMatch16.12.1za

ciscoios_xeMatch16.12.2

ciscoios_xeMatch16.12.2a

ciscoios_xeMatch16.12.2s

ciscoios_xeMatch16.12.2t

ciscoios_xeMatch16.12.3

ciscoios_xeMatch16.12.3a

ciscoios_xeMatch16.12.3s

ciscoios_xeMatch16.12.4

ciscoios_xeMatch16.12.4a

ciscoios_xeMatch17.1.1

ciscoios_xeMatch17.1.1a

ciscoios_xeMatch17.1.1s

ciscoios_xeMatch17.1.1t

ciscoios_xeMatch17.1.2

ciscoios_xeMatch17.2.1

ciscoios_xeMatch17.2.1a

ciscoios_xeMatch17.2.1r

ciscoios_xeMatch17.2.1v

VendorProductVersionCPE
ciscoios_xe3.7.0bscpe:2.3:o:cisco:ios_xe:3.7.0bs:*:*:*:*:*:*:*
ciscoios_xe3.7.0scpe:2.3:o:cisco:ios_xe:3.7.0s:*:*:*:*:*:*:*
ciscoios_xe3.7.0xascpe:2.3:o:cisco:ios_xe:3.7.0xas:*:*:*:*:*:*:*
ciscoios_xe3.7.0xbscpe:2.3:o:cisco:ios_xe:3.7.0xbs:*:*:*:*:*:*:*
ciscoios_xe3.7.1ascpe:2.3:o:cisco:ios_xe:3.7.1as:*:*:*:*:*:*:*
ciscoios_xe3.7.1scpe:2.3:o:cisco:ios_xe:3.7.1s:*:*:*:*:*:*:*
ciscoios_xe3.7.2scpe:2.3:o:cisco:ios_xe:3.7.2s:*:*:*:*:*:*:*
ciscoios_xe3.7.2tscpe:2.3:o:cisco:ios_xe:3.7.2ts:*:*:*:*:*:*:*
ciscoios_xe3.7.3scpe:2.3:o:cisco:ios_xe:3.7.3s:*:*:*:*:*:*:*
ciscoios_xe3.7.4ascpe:2.3:o:cisco:ios_xe:3.7.4as:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.7.0bs	cpe:2.3:o:cisco:ios_xe:3.7.0bs:::::::*
cisco	ios_xe	3.7.0s	cpe:2.3:o:cisco:ios_xe:3.7.0s:::::::*
cisco	ios_xe	3.7.0xas	cpe:2.3:o:cisco:ios_xe:3.7.0xas:::::::*
cisco	ios_xe	3.7.0xbs	cpe:2.3:o:cisco:ios_xe:3.7.0xbs:::::::*
cisco	ios_xe	3.7.1as	cpe:2.3:o:cisco:ios_xe:3.7.1as:::::::*
cisco	ios_xe	3.7.1s	cpe:2.3:o:cisco:ios_xe:3.7.1s:::::::*
cisco	ios_xe	3.7.2s	cpe:2.3:o:cisco:ios_xe:3.7.2s:::::::*
cisco	ios_xe	3.7.2ts	cpe:2.3:o:cisco:ios_xe:3.7.2ts:::::::*
cisco	ios_xe	3.7.3s	cpe:2.3:o:cisco:ios_xe:3.7.3s:::::::*
cisco	ios_xe	3.7.4as	cpe:2.3:o:cisco:ios_xe:3.7.4as:::::::*

Rows per page:

1-10 of 2571

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

34.3%

JSON

Related for CVE-2021-1398