1. Home
  2. CVE Database
  3. CVE-2021-1371
MEDIUM · 6.6

CVE-2021-1371

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the...

Vulnerability Description

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges.

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoIos Xe Sd-Wan17.2.0
CiscoCloud Services Router 1000V-
Cisco1100 Integrated Services Router-
Cisco1101 Integrated Services Router-
Cisco1109 Integrated Services Router-
Cisco1111X Integrated Services Router-
Cisco111X Integrated Services Router-
Cisco1120 Integrated Services Router-
Cisco1160 Integrated Services Router-
Cisco4221 Integrated Services Router-
Cisco4321 Integrated Services Router-
Cisco4331 Integrated Services Router-
Cisco4351 Integrated Services Router-
Cisco4431 Integrated Services Router-
Cisco4451 Integrated Services Router-
Cisco4461 Integrated Services Router-
CiscoAsr 1000-

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2021-1371?

CVE-2021-1371 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the...

How severe is CVE-2021-1371?

CVE-2021-1371 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1371?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe Sd-Wan, Cisco Cloud Services Router 1000V, Cisco 1100 Integrated Services Router, Cisco 1101 Integrated Services Router, Cisco 1109 Integrated Services Router.