Ios Xe Sd Wan
CVE-2021-1371
MEDIUM
Severity by source
AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges.
AnalysisAI
A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges. Affected products include: Cisco Ios Xe Sd-Wan.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Ios Xe Sd Wan
View allA vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Softwa
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to acce
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker t
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks aga
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks aga
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer over
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow
A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Ci
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of s
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of s
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of s
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbit
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today