A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Feb 2021, 20:06
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios_xr:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios_xr:7.3.0:*:*:*:*:*:*:* |
|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt - Vendor Advisory |
04 Feb 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user. |
04 Feb 2021, 18:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-04 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-1128
Mitre link : CVE-2021-1128
CVE.ORG link : CVE-2021-1128
JSON object : View
Products Affected
cisco
- ios_xr
CWE
CWE-201
Insertion of Sensitive Information Into Sent Data