cisco-sa-xesdwpinj-V4weeqzU

Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

cisco-sa-xesdwpinj-V4weeqzU · Medium · Published 5 years ago · Updated 5 years ago

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xesdwpinj-V4weeqzU

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEs	CVE-2021-1383, CVE-2021-1454
Cisco Bug IDs	CSCvw64834, CSCvk59304
CVSS Score	Base 6.0 Base 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X Base 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
Product Names From Source	Cisco IOS XE Software, Cisco IOS XE Catalyst SD-WAN, Cisco IOS XE Software 16.9.1, Cisco IOS XE Software 16.9.2, Cisco IOS XE Software 16.9.3, Cisco IOS XE Software 16.9.4, Cisco IOS XE Software 16.10.1, Cisco IOS XE Software 16.10.1a, Cisco IOS XE Software 16.10.1b, Cisco IOS XE Software 16.10.1s, Cisco IOS XE Software 16.10.1c, Cisco IOS XE Software 16.10.1e, Cisco IOS XE Software 16.10.1d, Cisco IOS XE Software 16.10.2, Cisco IOS XE Software 16.10.1f, Cisco IOS XE Software 16.10.1g, Cisco IOS XE Software 16.10.3, Cisco IOS XE Software 16.11.1, Cisco IOS XE Software 16.11.1a, Cisco IOS XE Software 16.11.1b, Cisco IOS XE Software 16.11.2, Cisco IOS XE Software 16.11.1s, Cisco IOS XE Software 16.11.1c, Cisco IOS XE Software 16.12.1, Cisco IOS XE Software 16.12.1s, Cisco IOS XE Software 16.12.1a, Cisco IOS XE Software 16.12.1c, Cisco IOS XE Software 16.12.1w, Cisco IOS XE Software 16.12.2, Cisco IOS XE Software 16.12.1y, Cisco IOS XE Software 16.12.2a, Cisco IOS XE Software 16.12.3, Cisco IOS XE Software 16.12.2s, Cisco IOS XE Software 16.12.1x, Cisco IOS XE Software 16.12.1t, Cisco IOS XE Software 16.12.2t, Cisco IOS XE Software 16.12.4, Cisco IOS XE Software 16.12.3s, Cisco IOS XE Software 16.12.1z, Cisco IOS XE Software 16.12.3a, Cisco IOS XE Software 16.12.4a, Cisco IOS XE Software 16.12.5, Cisco IOS XE Software 16.12.1z1, Cisco IOS XE Software 17.1.1, Cisco IOS XE Software 17.1.1a, Cisco IOS XE Software 17.1.1s, Cisco IOS XE Software 17.1.2, Cisco IOS XE Software 17.1.1t, Cisco IOS XE Software 17.1.3, Cisco IOS XE Software 17.2.1, Cisco IOS XE Software 17.2.1r, Cisco IOS XE Software 17.2.1a, Cisco IOS XE Software 17.2.1v, Cisco IOS XE Software 17.2.2, Cisco IOS XE Software 17.3.1, Cisco IOS XE Software 17.3.2, Cisco IOS XE Software 17.3.1a, Cisco IOS XE Software 17.3.1w, Cisco IOS XE Software 17.3.2a, Cisco IOS XE Software 17.3.1x, Cisco IOS XE Software 17.4.1, Cisco IOS XE Software 17.4.1a, Cisco IOS XE Software 17.4.1c, Cisco IOS XE Software 17.11.99SW

Related Products

Product	CVE	Evidence
Cisco IOS	CVE-2021-1454	Cisco OpenVuln
Cisco IOS	CVE-2021-1383	Cisco OpenVuln
Cisco IOS XE Software	CVE-2021-1454	Cisco OpenVuln
Cisco IOS XE Software	CVE-2021-1383	Cisco OpenVuln
Cisco IOS XE Catalyst SD-WAN	CVE-2021-1454	Cisco OpenVuln
Cisco IOS XE Catalyst SD-WAN	CVE-2021-1383	Cisco OpenVuln
Cisco Catalyst 9600 Series Switches	CVE-2021-1454	Cisco OpenVuln · software-dependent
Cisco Catalyst 9600 Series Switches	CVE-2021-1383	Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches	CVE-2021-1454	Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches	CVE-2021-1383	Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches	CVE-2021-1454	Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches	CVE-2021-1383	Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches	CVE-2021-1454	Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches	CVE-2021-1383	Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches	CVE-2021-1454	Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches	CVE-2021-1383	Cisco OpenVuln · software-dependent

Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities

Workarounds

Related Products