Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

CVE-2021-1435

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Severity: HIGH
CVSS: 7.2
CWE: CWE-22
KEV: No
Published
Modified

Related Products

| Product | Advisory | Evidence |
| --- | --- | --- |
| Cisco IOS | cisco-sa-iosxe-webcmdinjsh-UFJxTgZD | Cisco OpenVuln |
| Cisco IOS XE Software | cisco-sa-iosxe-webcmdinjsh-UFJxTgZD | Cisco OpenVuln |
| Cisco IOS XE Catalyst SD-WAN | cisco-sa-iosxe-webcmdinjsh-UFJxTgZD | Cisco OpenVuln |
| Cisco Catalyst 9600 Series Switches | cisco-sa-iosxe-webcmdinjsh-UFJxTgZD | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9500 Series Switches | cisco-sa-iosxe-webcmdinjsh-UFJxTgZD | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9400 Series Switches | cisco-sa-iosxe-webcmdinjsh-UFJxTgZD | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9200 Series Switches | cisco-sa-iosxe-webcmdinjsh-UFJxTgZD | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9300 Series Switches | cisco-sa-iosxe-webcmdinjsh-UFJxTgZD | Cisco OpenVuln · software-dependent |