ID

VAR-202103-0546


CVE

CVE-2021-1390


TITLE

Cisco IOS XE Vulnerability regarding the state where any value can be written to any location in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004893

DESCRIPTION

A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. The attacker could take advantage of this logic error to overwrite system memory locations and execute arbitrary code on the underlying Linux operating system (OS) of the affected device. Cisco IOS XE exists in a state where any value can be written to any location. Information may be obtained, information may be tampered with, and service may be disrupted (DoS). Cisco IOS XE Software is an operating system from Cisco. As a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity.

Trust: 1.8

sources: NVD: CVE-2021-1390 // JVNDB: JVNDB-2021-004893 // VULHUB: VHN-374444 // VULMON: CVE-2021-1390

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1y

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.3a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.3a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.4c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1w

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1v

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.6

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1x

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1r

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.3s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1z

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2t

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.2s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1d

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.5

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1t

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1za

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.1d

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.3h

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.4a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1t

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1g

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.1d

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.5f

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.3s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.8.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1f

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.9.2a

Trust: 1.0

vendor: シスコシステムズ, model: cisco ios xe, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco ios xe, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004893 // NVD: CVE-2021-1390

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1390
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1390
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1390
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-1410
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374444
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1390
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1390
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374444
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1390
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1390
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-1390
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374444 // VULMON: CVE-2021-1390 // JVNDB: JVNDB-2021-004893 // CNNVD: CNNVD-202103-1410 // NVD: CVE-2021-1390 // NVD: CVE-2021-1390

PROBLEMTYPE DATA

problemtype:CWE-123

Trust: 1.1

problemtype:A state in which any value can be written to any location (CWE-123) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374444 // JVNDB: JVNDB-2021-004893 // NVD: CVE-2021-1390

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1410

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1410

PATCH

title: cisco-sa-XE-OFP-6Nezgn7b
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-OFP-6Nezgn7b

Trust: 0.8

title: Cisco IOS XE Software Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145060

Trust: 0.6

title: Cisco: Cisco IOS XE Software Local Privilege Escalation Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-XE-OFP-6Nezgn7b

Trust: 0.1

sources: VULMON: CVE-2021-1390 // JVNDB: JVNDB-2021-004893 // CNNVD: CNNVD-202103-1410

EXTERNAL IDS

db: NVD, id: CVE-2021-1390

Trust: 2.6

db: JVNDB, id: JVNDB-2021-004893

Trust: 0.8

db: CNNVD, id: CNNVD-202103-1410

Trust: 0.6

db: CNVD, id: CNVD-2021-24469

Trust: 0.1

db: VULHUB, id: VHN-374444

Trust: 0.1

db: VULMON, id: CVE-2021-1390

Trust: 0.1

sources: VULHUB: VHN-374444 // VULMON: CVE-2021-1390 // JVNDB: JVNDB-2021-004893 // CNNVD: CNNVD-202103-1410 // NVD: CVE-2021-1390

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xe-ofp-6nezgn7b

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1390

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/123.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374444 // VULMON: CVE-2021-1390 // JVNDB: JVNDB-2021-004893 // CNNVD: CNNVD-202103-1410 // NVD: CVE-2021-1390

SOURCES

db: VULHUB, id: VHN-374444
db: VULMON, id: CVE-2021-1390
db: JVNDB, id: JVNDB-2021-004893
db: CNNVD, id: CNNVD-202103-1410
db: NVD, id: CVE-2021-1390

LAST UPDATE DATE

2024-08-14T14:25:26.934000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374444, date: 2021-03-30T00:00:00
db: VULMON, id: CVE-2021-1390, date: 2021-03-30T00:00:00
db: JVNDB, id: JVNDB-2021-004893, date: 2021-12-01T09:06:00
db: CNNVD, id: CNNVD-202103-1410, date: 2021-03-31T00:00:00
db: NVD, id: CVE-2021-1390, date: 2023-11-07T03:28:10.913

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374444, date: 2021-03-24T00:00:00
db: VULMON, id: CVE-2021-1390, date: 2021-03-24T00:00:00
db: JVNDB, id: JVNDB-2021-004893, date: 2021-12-01T00:00:00
db: CNNVD, id: CNNVD-202103-1410, date: 2021-03-24T00:00:00
db: NVD, id: CVE-2021-1390, date: 2021-03-24T20:15:13.917