ID

VAR-202103-0764


CVE

CVE-2021-1454


TITLE

Argument insertion or modification vulnerability in Cisco IOS XE SD-WAN

Trust: 0.8

sources: JVNDB: JVNDB-2021-004756

DESCRIPTION

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. Cisco IOS XE SD-WAN is vulnerable to the insertion or modification of arguments. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Cisco IOS XE SD-WAN Software is network management (software-defined networking) software from Cisco, applied to the Cisco IOS XE network operating system.

Trust: 1.8

sources: NVD: CVE-2021-1454 // JVNDB: JVNDB-2021-004756 // VULHUB: VHN-374508 // VULMON: CVE-2021-1454

AFFECTED PRODUCTS

vendor: cisco, model: ios xe sd-wan, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: -

Trust: 1.0

vendor: シスコシステムズ, model: cisco ios xe sd-wan, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco ios xe sd-wan, scope: eq, version: cisco ios xe

Trust: 0.8

sources: JVNDB: JVNDB-2021-004756 // NVD: CVE-2021-1454

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1454
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1454
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1454
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-1389
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374508
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1454
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1454
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374508
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1454
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1454
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-1454
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374508 // VULMON: CVE-2021-1454 // JVNDB: JVNDB-2021-004756 // CNNVD: CNNVD-202103-1389 // NVD: CVE-2021-1454 // NVD: CVE-2021-1454

PROBLEMTYPE DATA

problemtype:CWE-88

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype:Insert or change arguments (CWE-88) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-374508 // JVNDB: JVNDB-2021-004756 // NVD: CVE-2021-1454

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1389

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-202103-1389

PATCH

title: cisco-sa-xesdwpinj-V4weeqzU, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwpinj-V4weeqzU

Trust: 0.8

title: Cisco IOS XE SD-WAN Software Repair measures for parameter injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145694

Trust: 0.6

title: Cisco: Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-xesdwpinj-V4weeqzU

Trust: 0.1

sources: VULMON: CVE-2021-1454 // JVNDB: JVNDB-2021-004756 // CNNVD: CNNVD-202103-1389

EXTERNAL IDS

db: NVD, id: CVE-2021-1454

Trust: 2.6

db: JVNDB, id: JVNDB-2021-004756

Trust: 0.8

db: CNNVD, id: CNNVD-202103-1389

Trust: 0.6

db: VULHUB, id: VHN-374508

Trust: 0.1

db: VULMON, id: CVE-2021-1454

Trust: 0.1

sources: VULHUB: VHN-374508 // VULMON: CVE-2021-1454 // JVNDB: JVNDB-2021-004756 // CNNVD: CNNVD-202103-1389 // NVD: CVE-2021-1454

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xesdwpinj-v4weeqzu

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1454

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/88.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198693

Trust: 0.1

sources: VULHUB: VHN-374508 // VULMON: CVE-2021-1454 // JVNDB: JVNDB-2021-004756 // CNNVD: CNNVD-202103-1389 // NVD: CVE-2021-1454

SOURCES

db: VULHUB, id: VHN-374508
db: VULMON, id: CVE-2021-1454
db: JVNDB, id: JVNDB-2021-004756
db: CNNVD, id: CNNVD-202103-1389
db: NVD, id: CVE-2021-1454

LAST UPDATE DATE

2024-08-14T15:27:48.487000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374508, date: 2021-03-29T00:00:00
db: VULMON, id: CVE-2021-1454, date: 2021-03-29T00:00:00
db: JVNDB, id: JVNDB-2021-004756, date: 2021-11-29T09:16:00
db: CNNVD, id: CNNVD-202103-1389, date: 2021-03-30T00:00:00
db: NVD, id: CVE-2021-1454, date: 2023-11-07T03:28:21.167

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374508, date: 2021-03-24T00:00:00
db: VULMON, id: CVE-2021-1454, date: 2021-03-24T00:00:00
db: JVNDB, id: JVNDB-2021-004756, date: 2021-11-29T00:00:00
db: CNNVD, id: CNNVD-202103-1389, date: 2021-03-24T00:00:00
db: NVD, id: CVE-2021-1454, date: 2021-03-24T20:15:15.697