Details of VAR-202103-0550

ID

VAR-202103-0550

CVE

CVE-2021-1391

TITLE

Cisco IOS XE Active debug code vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004894

DESCRIPTION

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege. Cisco IOS XE Exists in an active debug code vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco IOS XE Software is an operating system of Cisco (Cisco). A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity

Trust: 1.8

sources: NVD: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // VULHUB: VHN-374445 // VULMON: CVE-2021-1391

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1y	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.1ae	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(6\)i1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)e2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e2b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.2e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.2e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5a\)e1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svs1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e0b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5a\)e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svr3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jf13	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5b\)e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.2ae	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)eb	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e2b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)e2c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.0e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.0e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1ae	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e0c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)ea	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.0ce	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)e1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1f	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)ex	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.3e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)e2b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.3e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svr2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.3ae	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)se13a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4c	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4\)ea10	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1w	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5c\)e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.2be	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e3k	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1x	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1r	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7b\)e0b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1z	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svr1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1za	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.2e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1d	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3h	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(3\)svs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7a\)e0b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1g	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.0e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5f	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004894 // NVD: CVE-2021-1391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1391
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1391
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1391
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202103-1412
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374445
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1391
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1391
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374445
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1391
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1391
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1391
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374445 // VULMON: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // CNNVD: CNNVD-202103-1412 // NVD: CVE-2021-1391 // NVD: CVE-2021-1391

PROBLEMTYPE DATA

problemtype:	CWE-489	Trust: 1.1
problemtype:	Active debug code (CWE-489) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374445 // JVNDB: JVNDB-2021-004894 // NVD: CVE-2021-1391

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1412

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1412

PATCH

title:	cisco-sa-XE-FSM-Yj8qJbJc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc	Trust: 0.8
title:	Cisco IOS XE Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145062	Trust: 0.6
title:	Cisco: Cisco IOS and IOS XE Software Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-XE-FSM-Yj8qJbJc	Trust: 0.1

sources: VULMON: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // CNNVD: CNNVD-202103-1412

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1391	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-004894	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1412	Trust: 0.6
db:	VULHUB	id:	VHN-374445	Trust: 0.1
db:	VULMON	id:	CVE-2021-1391	Trust: 0.1

sources: VULHUB: VHN-374445 // VULMON: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // CNNVD: CNNVD-202103-1412 // NVD: CVE-2021-1391

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xe-fsm-yj8qjbjc	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1391	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/489.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374445 // VULMON: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // CNNVD: CNNVD-202103-1412 // NVD: CVE-2021-1391

SOURCES

db:	VULHUB	id:	VHN-374445
db:	VULMON	id:	CVE-2021-1391
db:	JVNDB	id:	JVNDB-2021-004894
db:	CNNVD	id:	CNNVD-202103-1412
db:	NVD	id:	CVE-2021-1391

LAST UPDATE DATE

2024-08-14T13:23:42.345000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374445	date:	2021-03-30T00:00:00
db:	VULMON	id:	CVE-2021-1391	date:	2021-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-004894	date:	2021-12-01T09:06:00
db:	CNNVD	id:	CNNVD-202103-1412	date:	2021-03-31T00:00:00
db:	NVD	id:	CVE-2021-1391	date:	2023-11-07T03:28:11.113

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374445	date:	2021-03-24T00:00:00
db:	VULMON	id:	CVE-2021-1391	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004894	date:	2021-12-01T00:00:00
db:	CNNVD	id:	CNNVD-202103-1412	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2021-1391	date:	2021-03-24T20:15:13.993