Lucene search

[email protected]CVE-2021-34725

HistorySep 23, 2021 - 3:15 a.m.

CVE-2021-34725

2021-09-2303:15:19

CWE-77

CWE-78

[email protected]

web.nvd.nist.gov

cisco

ios xe

sd-wan

vulnerability

cli

authenticated attacker

arbitrary commands

root-level privileges

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.

Affected configurations

NVD

Node

ciscoios_xe_sd-wanRange≤17.2.1r

AND

cisco1000_integrated_services_routerMatch-

cisco1100-4g\/6g_integrated_services_routerMatch-

cisco1100-4p_integrated_services_routerMatch-

cisco1100-8p_integrated_services_routerMatch-

cisco1100_integrated_services_routerMatch-

cisco1101-4p_integrated_services_routerMatch-

cisco1101_integrated_services_routerMatch-

cisco1109-2p_integrated_services_routerMatch-

cisco1109-4p_integrated_services_routerMatch-

cisco1109_integrated_services_routerMatch-

cisco1111x-8p_integrated_services_routerMatch-

cisco1111x_integrated_services_routerMatch-

cisco111x_integrated_services_routerMatch-

cisco1120_integrated_services_routerMatch-

cisco1160_integrated_services_routerMatch-

cisco4000_integrated_services_routerMatch-

cisco422_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4321_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4351_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4451-x_integrated_services_routerMatch-

cisco4451_integrated_services_routerMatch-

cisco4461_integrated_services_routerMatch-

ciscoasr_1000Match-

ciscoasr_1000-esp100Match-

ciscoasr_1000-xMatch-

ciscoasr_1000_seriesMatch-

ciscoasr_1000_series_route_processor_\(rp2\)Match-

ciscoasr_1000_series_route_processor_\(rp3\)Match-

ciscoasr_1001Match-

ciscoasr_1001-hxMatch-

ciscoasr_1001-hx_rMatch-

ciscoasr_1001-xMatch-

ciscoasr_1001-x_rMatch-

ciscoasr_1002Match-

ciscoasr_1002-hxMatch-

ciscoasr_1002-hx_rMatch-

ciscoasr_1002-xMatch-

ciscoasr_1002-x_rMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1006-xMatch-

ciscoasr_1009-xMatch-

ciscoasr_1013Match-

ciscoasr_1023Match-

ciscocsr_1000vMatch-

CPENameOperatorVersion
cisco:ios_xe_sd-wancisco ios xe sd-wanle17.2.1r

CPE	Name	Operator	Version
cisco:ios_xe_sd-wan	cisco ios xe sd-wan	le	17.2.1r

CNA Affected

[
  {
    "product": "Cisco IOS XE SD-WAN Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-privesc-KSUg7QSS

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2021-34725

prion1 cisco1 nvd1 cvelist1