ID

VAR-202103-0777


CVE

CVE-2021-1441


TITLE

Cisco IOS XE   In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004762

DESCRIPTION

A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of parameters passed to a diagnostic script that is executed when the device boots up. An attacker could exploit this vulnerability by tampering with an executable file stored on a device. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need administrative level credentials (level 15) on the device. Cisco IOS XE Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco IOS XE is a set of modular operating system based on Linux kernel developed by American Cisco company for its network equipment. Attackers can use this vulnerability to execute unsigned code when the system is started

Trust: 2.25

sources: NVD: CVE-2021-1441 // JVNDB: JVNDB-2021-004762 // CNVD: CNVD-2021-22188 // VULMON: CVE-2021-1441

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-22188

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.12.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1za

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.2xbs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1v

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.1xbs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1r

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2s

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xescope:eqversion: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-22188 // JVNDB: JVNDB-2021-004762 // NVD: CVE-2021-1441

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1441
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1441
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1441
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-22188
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202103-1401
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-1441
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1441
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-22188
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1441
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1441
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-22188 // VULMON: CVE-2021-1441 // JVNDB: JVNDB-2021-004762 // CNNVD: CNNVD-202103-1401 // NVD: CVE-2021-1441 // NVD: CVE-2021-1441

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004762 // NVD: CVE-2021-1441

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1401

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202103-1401

PATCH

title:cisco-sa-ios-xe-iot-codexec-k46EFF6qurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-iot-codexec-k46EFF6q

Trust: 0.8

title:Patch for Cisco IOS XE arbitrary code execution vulnerability (CNVD-2021-22188)url:https://www.cnvd.org.cn/patchInfo/show/254821

Trust: 0.6

title:Cisco IOS XE Software Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145704

Trust: 0.6

title:Cisco: Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ios-xe-iot-codexec-k46EFF6q

Trust: 0.1

sources: CNVD: CNVD-2021-22188 // VULMON: CVE-2021-1441 // JVNDB: JVNDB-2021-004762 // CNNVD: CNNVD-202103-1401

EXTERNAL IDS

db:NVDid:CVE-2021-1441

Trust: 3.1

db:JVNDBid:JVNDB-2021-004762

Trust: 0.8

db:CNVDid:CNVD-2021-22188

Trust: 0.6

db:CNNVDid:CNNVD-202103-1401

Trust: 0.6

db:VULMONid:CVE-2021-1441

Trust: 0.1

sources: CNVD: CNVD-2021-22188 // VULMON: CVE-2021-1441 // JVNDB: JVNDB-2021-004762 // CNNVD: CNNVD-202103-1401 // NVD: CVE-2021-1441

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-1441

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-xe-iot-codexec-k46eff6q

Trust: 1.7

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.2

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198731

Trust: 0.1

sources: CNVD: CNVD-2021-22188 // VULMON: CVE-2021-1441 // JVNDB: JVNDB-2021-004762 // CNNVD: CNNVD-202103-1401 // NVD: CVE-2021-1441

SOURCES

db:CNVDid:CNVD-2021-22188
db:VULMONid:CVE-2021-1441
db:JVNDBid:JVNDB-2021-004762
db:CNNVDid:CNNVD-202103-1401
db:NVDid:CVE-2021-1441

LAST UPDATE DATE

2024-08-14T14:25:26.654000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-22188date:2021-03-25T00:00:00
db:VULMONid:CVE-2021-1441date:2021-03-29T00:00:00
db:JVNDBid:JVNDB-2021-004762date:2021-11-29T09:16:00
db:CNNVDid:CNNVD-202103-1401date:2021-03-30T00:00:00
db:NVDid:CVE-2021-1441date:2023-11-07T03:28:19.263

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-22188date:2021-03-25T00:00:00
db:VULMONid:CVE-2021-1441date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004762date:2021-11-29T00:00:00
db:CNNVDid:CNNVD-202103-1401date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1441date:2021-03-24T20:15:15.040