History: Mar 24, 2021 - 8:07 p.m.

CVE-2021-1391 Cisco IOS and IOS XE Software Privilege Escalation Vulnerability

2021-03-24 20:07:23
CWE-489
cisco
www.cve.org
Tags: cisco, ios xe, privilege escalation, vulnerability, authenticated, local attacker, consent token, development testing

CVSS3: 5.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

EPSS: 0
Percentile: 5.1%

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege.

CNA Affected

[
  {
    "product": "Cisco IOS",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
