VDB
CVE-2021-1385
CVE-2021-1385
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system.
EPSS 0.23% · 45.9th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.23%
45.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ios_xe | 16.11.1, 16.11.1a, 16.11.1b |
| Cisco | Cisco IOS | n/a |
| cisco | ios | 15.8\(3\)m2a, 15.8\(3\)m3, 15.8\(3\)m5 |
Exploit Intelligence
Timeline
- Mar 24, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score