CVE-2021-1529 — Vulnetix

CVE-2021-1529 PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

EPSS 0.05% · 15.0th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.05%

15.0th percentile

Affected Products

Vendor	Product	Versions
cisco	ios_xe	16.12, 17.2, 17.4
cisco	ios_xe_sd-wan	17.2.1r
Cisco	IOS XE
Cisco	Cisco IOS XE SD-WAN Software	n/a

Exploit Intelligence

20211020 Cisco IOS XE SD-WAN Software Command Injection Vulnerability (circl)

Timeline

Oct 21, 2021 EPSS Score
Oct 21, 2021 CVE Published
Dec 16, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 10, 2022 EPSS Score
Apr 8, 2022 EPSS Score
Jun 3, 2022 EPSS Score
Jul 30, 2022 EPSS Score
Sep 24, 2022 EPSS Score
Jan 15, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 12, 2023 EPSS Score

References

20211020 Cisco IOS XE SD-WAN Software Command Injection Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-1529 advisory

Open in Interactive Console →