ID

VAR-202103-0543


CVE

CVE-2021-1383


TITLE

Cisco IOS XE SD-WAN  Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004891

DESCRIPTION

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. Cisco IOS XE SD-WAN Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco IOS XE SD-WAN Software is a software for network management (software-defined networking) applied to the Cisco IOS XE network operating system from Cisco

Trust: 1.8

sources: NVD: CVE-2021-1383 // JVNDB: JVNDB-2021-004891 // VULHUB: VHN-374437 // VULMON: CVE-2021-1383

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:17.2.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1y

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1w

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1w

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1v

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1r

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1c

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.5b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1z

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1za

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.4a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1z1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1g

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1f

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xe sd-wanscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004891 // NVD: CVE-2021-1383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1383
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1383
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1383
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-1414
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374437
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1383
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1383
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374437
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1383
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1383
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-1383
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374437 // VULMON: CVE-2021-1383 // JVNDB: JVNDB-2021-004891 // CNNVD: CNNVD-202103-1414 // NVD: CVE-2021-1383 // NVD: CVE-2021-1383

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-88

Trust: 1.1

problemtype:Incorrect input confirmation (CWE-20) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374437 // JVNDB: JVNDB-2021-004891 // NVD: CVE-2021-1383

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1414

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-202103-1414

PATCH

title:cisco-sa-xesdwpinj-V4weeqzUurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwpinj-V4weeqzU

Trust: 0.8

title:Cisco IOS XE SD-WAN Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145714

Trust: 0.6

title:Cisco: Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-xesdwpinj-V4weeqzU

Trust: 0.1

sources: VULMON: CVE-2021-1383 // JVNDB: JVNDB-2021-004891 // CNNVD: CNNVD-202103-1414

EXTERNAL IDS

db:NVDid:CVE-2021-1383

Trust: 2.6

db:JVNDBid:JVNDB-2021-004891

Trust: 0.8

db:CNNVDid:CNNVD-202103-1414

Trust: 0.6

db:VULHUBid:VHN-374437

Trust: 0.1

db:VULMONid:CVE-2021-1383

Trust: 0.1

sources: VULHUB: VHN-374437 // VULMON: CVE-2021-1383 // JVNDB: JVNDB-2021-004891 // CNNVD: CNNVD-202103-1414 // NVD: CVE-2021-1383

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xesdwpinj-v4weeqzu

Trust: 2.4

url:https://github.com/orangecertcc/security-research/security/advisories/ghsa-vw54-f9mw-g46r

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-1383

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198692

Trust: 0.1

sources: VULHUB: VHN-374437 // VULMON: CVE-2021-1383 // JVNDB: JVNDB-2021-004891 // CNNVD: CNNVD-202103-1414 // NVD: CVE-2021-1383

SOURCES

db:VULHUBid:VHN-374437
db:VULMONid:CVE-2021-1383
db:JVNDBid:JVNDB-2021-004891
db:CNNVDid:CNNVD-202103-1414
db:NVDid:CVE-2021-1383

LAST UPDATE DATE

2024-08-14T15:42:56.513000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374437date:2022-09-20T00:00:00
db:VULMONid:CVE-2021-1383date:2021-03-30T00:00:00
db:JVNDBid:JVNDB-2021-004891date:2021-12-01T09:06:00
db:CNNVDid:CNNVD-202103-1414date:2022-09-21T00:00:00
db:NVDid:CVE-2021-1383date:2023-11-07T03:28:09.230

SOURCES RELEASE DATE

db:VULHUBid:VHN-374437date:2021-03-24T00:00:00
db:VULMONid:CVE-2021-1383date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004891date:2021-12-01T00:00:00
db:CNNVDid:CNNVD-202103-1414date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1383date:2021-03-24T20:15:13.667