CVE-2021-1485

Cisco IOS XR Software Command Injection Vulnerability

CVSS 6.6 MEDIUMEPSS 0.3%CWE-88

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.6EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

08 abr 2021Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to an affected command. A successful exploit could allow the attacker to execute commands on the underlying Linux OS with root privileges.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Produtos afetados

Cisco · Cisco IOS XR Software

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cmdinj-vsKGherc