ID

VAR-202103-0550


CVE

CVE-2021-1391


TITLE

Active debug code vulnerability in Cisco IOS XE

Trust: 0.8

sources: JVNDB: JVNDB-2021-004894

DESCRIPTION

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege. Cisco IOS XE contains an active debug code vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Cisco IOS XE Software is an operating system from Cisco. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity.

Trust: 1.8

sources: NVD: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // VULHUB: VHN-374445 // VULMON: CVE-2021-1391

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:17.2.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1y

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.11.1ae

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.2\(6\)i1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5\)e2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e2b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.9.2e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.11.2e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5a\)e1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svs1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e0b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5a\)e

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svr3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.3\(3\)jf13

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5b\)e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.11.2ae

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)eb

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1e

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e2b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5\)e2c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.11.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.11.0e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.10.0e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.10.1ae

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e0a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e0c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.9.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5\)ea

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e1a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.10.0ce

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.2

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5\)e1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.10.1e

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1f

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5\)ex

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.11.3e

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5\)e2b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.10.3e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svr2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.11.3ae

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1s

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.0\(2\)se13a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4c

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(4\)ea10

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1w

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5c\)e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1v

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.9.2be

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e3k

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1r

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7b\)e0b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1z

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(5\)e

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svr1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e0s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.10.1se

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1za

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.10.2e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1d

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3h

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1a

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.1\(3\)svs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1e

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7\)e3

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(7a\)e0b

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.2\(6\)e1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1g

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.9.0e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5f

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004894 // NVD: CVE-2021-1391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1391
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1391
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1391
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-1412
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374445
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1391
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1391
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374445
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1391
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1391
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-1391
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374445 // VULMON: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // CNNVD: CNNVD-202103-1412 // NVD: CVE-2021-1391 // NVD: CVE-2021-1391

PROBLEMTYPE DATA

problemtype:CWE-489

Trust: 1.1

problemtype:Active debug code (CWE-489) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374445 // JVNDB: JVNDB-2021-004894 // NVD: CVE-2021-1391

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1412

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1412

PATCH

title: cisco-sa-XE-FSM-Yj8qJbJc url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc

Trust: 0.8

title: Cisco IOS XE Software Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145062

Trust: 0.6

title: Cisco: Cisco IOS and IOS XE Software Privilege Escalation Vulnerability url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-XE-FSM-Yj8qJbJc

Trust: 0.1

sources: VULMON: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // CNNVD: CNNVD-202103-1412

EXTERNAL IDS

db:NVDid:CVE-2021-1391

Trust: 2.6

db:JVNDBid:JVNDB-2021-004894

Trust: 0.8

db:CNNVDid:CNNVD-202103-1412

Trust: 0.6

db:VULHUBid:VHN-374445

Trust: 0.1

db:VULMONid:CVE-2021-1391

Trust: 0.1

sources: VULHUB: VHN-374445 // VULMON: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // CNNVD: CNNVD-202103-1412 // NVD: CVE-2021-1391

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xe-fsm-yj8qjbjc

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1391

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/489.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374445 // VULMON: CVE-2021-1391 // JVNDB: JVNDB-2021-004894 // CNNVD: CNNVD-202103-1412 // NVD: CVE-2021-1391

SOURCES

db:VULHUBid:VHN-374445
db:VULMONid:CVE-2021-1391
db:JVNDBid:JVNDB-2021-004894
db:CNNVDid:CNNVD-202103-1412
db:NVDid:CVE-2021-1391

LAST UPDATE DATE

2024-08-14T13:23:42.345000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374445date:2021-03-30T00:00:00
db:VULMONid:CVE-2021-1391date:2021-03-30T00:00:00
db:JVNDBid:JVNDB-2021-004894date:2021-12-01T09:06:00
db:CNNVDid:CNNVD-202103-1412date:2021-03-31T00:00:00
db:NVDid:CVE-2021-1391date:2023-11-07T03:28:11.113

SOURCES RELEASE DATE

db:VULHUBid:VHN-374445date:2021-03-24T00:00:00
db:VULMONid:CVE-2021-1391date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004894date:2021-12-01T00:00:00
db:CNNVDid:CNNVD-202103-1412date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1391date:2021-03-24T20:15:13.993