Vulnerability Description
A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xr | < 7.0.12 |
| Cisco | 8201 | - |
| Cisco | 8202 | - |
| Cisco | 8808 | - |
| Cisco | 8812 | - |
| Cisco | 8818 | - |
| Cisco | Ncs 540 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
FAQ
What is CVE-2021-1370?
CVE-2021-1370 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticat...
How severe is CVE-2021-1370?
CVE-2021-1370 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-1370?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xr, Cisco 8201, Cisco 8202, Cisco 8808, Cisco 8812.