ID

VAR-202103-0773


CVE

CVE-2021-1435


TITLE

Cisco IOS XE  Traversal Vulnerability in Japan

Trust: 0.8

sources: JVNDB: JVNDB-2021-004764

DESCRIPTION

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco IOS XE Exists in a past traversal vulnerabilityInformation is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco IOS XE Software is an operating system of Cisco (Cisco). A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity

Trust: 1.8

sources: NVD: CVE-2021-1435 // JVNDB: JVNDB-2021-004764 // VULHUB: VHN-374489 // VULMON: CVE-2021-1435

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.10.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1f

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3h

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5f

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1v

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1g

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1d

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004764 // NVD: CVE-2021-1435

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1435
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1435
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1435
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202103-1396
value: HIGH

Trust: 0.6

VULHUB: VHN-374489
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1435
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1435
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374489
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1435
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1435
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2021-1435
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374489 // VULMON: CVE-2021-1435 // JVNDB: JVNDB-2021-004764 // CNNVD: CNNVD-202103-1396 // NVD: CVE-2021-1435 // NVD: CVE-2021-1435

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:Path traversal (CWE-22) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374489 // JVNDB: JVNDB-2021-004764 // NVD: CVE-2021-1435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1396

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202103-1396

PATCH

title:cisco-sa-iosxe-webcmdinjsh-UFJxTgZDurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webcmdinjsh-UFJxTgZD

Trust: 0.8

title:Cisco IOS XE Software Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145700

Trust: 0.6

title:Cisco: Cisco IOS XE Software Web UI Command Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxe-webcmdinjsh-UFJxTgZD

Trust: 0.1

sources: VULMON: CVE-2021-1435 // JVNDB: JVNDB-2021-004764 // CNNVD: CNNVD-202103-1396

EXTERNAL IDS

db:NVDid:CVE-2021-1435

Trust: 2.6

db:JVNDBid:JVNDB-2021-004764

Trust: 0.8

db:CNNVDid:CNNVD-202103-1396

Trust: 0.6

db:CNVDid:CNVD-2021-24467

Trust: 0.1

db:VULHUBid:VHN-374489

Trust: 0.1

db:VULMONid:CVE-2021-1435

Trust: 0.1

sources: VULHUB: VHN-374489 // VULMON: CVE-2021-1435 // JVNDB: JVNDB-2021-004764 // CNNVD: CNNVD-202103-1396 // NVD: CVE-2021-1435

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-webcmdinjsh-ufjxtgzd

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1435

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374489 // VULMON: CVE-2021-1435 // JVNDB: JVNDB-2021-004764 // CNNVD: CNNVD-202103-1396 // NVD: CVE-2021-1435

SOURCES

db:VULHUBid:VHN-374489
db:VULMONid:CVE-2021-1435
db:JVNDBid:JVNDB-2021-004764
db:CNNVDid:CNNVD-202103-1396
db:NVDid:CVE-2021-1435

LAST UPDATE DATE

2024-11-23T23:11:07.203000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374489date:2021-03-29T00:00:00
db:VULMONid:CVE-2021-1435date:2021-03-29T00:00:00
db:JVNDBid:JVNDB-2021-004764date:2021-11-29T09:16:00
db:CNNVDid:CNNVD-202103-1396date:2021-03-30T00:00:00
db:NVDid:CVE-2021-1435date:2024-11-21T05:44:21.453

SOURCES RELEASE DATE

db:VULHUBid:VHN-374489date:2021-03-24T00:00:00
db:VULMONid:CVE-2021-1435date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004764date:2021-11-29T00:00:00
db:CNNVDid:CNNVD-202103-1396date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1435date:2021-03-24T20:15:14.760