Vulnerability Description
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | 16.9.1 |
| Cisco | Ios Xe Sd-Wan | All versions |
Related Weaknesses (CWE)
References
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-vw54-ExploitThird Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xVendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-vw54-ExploitThird Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xVendor Advisory
FAQ
What is CVE-2021-1383?
CVE-2021-1383 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities a...
How severe is CVE-2021-1383?
CVE-2021-1383 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-1383?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Ios Xe Sd-Wan.