CVE-2021-1371

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges.

CVSS v3 6.6 MEDIUM
CVSS v2.0 7.2 HIGH

6.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-esc-rSNVvTf9	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios_xe_sd-wan:17.2.0:*:*:*:*:*:*:*

OR	cpe:2.3:a:cisco:cloud_services_router_1000v:-:::::::*
	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4451_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:asr_1000:-:::::::*

History

22 May 2023, 18:57

Type	Values Removed	Values Added
First Time		Cisco 4321 Integrated Services Router Cisco 1120 Integrated Services Router Cisco 1111x Integrated Services Router Cisco 4331 Integrated Services Router Cisco 4221 Integrated Services Router Cisco 4351 Integrated Services Router Cisco 1100 Integrated Services Router Cisco 4451 Integrated Services Router Cisco 111x Integrated Services Router Cisco 1109 Integrated Services Router Cisco 4461 Integrated Services Router Cisco 1101 Integrated Services Router Cisco 1160 Integrated Services Router Cisco 4431 Integrated Services Router
CPE	cpe:2.3:h:cisco:isr_1101:-:::::::* cpe:2.3:h:cisco:isr_4431:-:::::::* cpe:2.3:h:cisco:isr_4461:-:::::::* cpe:2.3:h:cisco:isr_1111x:-:::::::* cpe:2.3:h:cisco:isr_4221:-:::::::* cpe:2.3:h:cisco:isr_4351:-:::::::* cpe:2.3:h:cisco:isr_1160:-:::::::* cpe:2.3:h:cisco:isr_4451:-:::::::* cpe:2.3:h:cisco:isr_1109:-:::::::* cpe:2.3:h:cisco:isr_1120:-:::::::* cpe:2.3:h:cisco:isr_4321:-:::::::* cpe:2.3:h:cisco:isr_4331:-:::::::* cpe:2.3:h:cisco:isr_111x:-:::::::* cpe:2.3:h:cisco:isr_1100:-:::::::*	cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::* cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4321_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4451_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4351_integrated_services_router:-:::::::*

31 Mar 2021, 13:08

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 6.6
CPE		cpe:2.3:h:cisco:isr_1120:-:::::::* cpe:2.3:o:cisco:ios_xe_sd-wan:17.2.0:::::::* cpe:2.3:h:cisco:isr_111x:-:::::::* cpe:2.3:h:cisco:asr_1000:-:::::::* cpe:2.3:h:cisco:isr_4321:-:::::::* cpe:2.3:h:cisco:isr_1101:-:::::::* cpe:2.3:h:cisco:isr_4431:-:::::::* cpe:2.3:h:cisco:isr_1111x:-:::::::* cpe:2.3:h:cisco:isr_4451:-:::::::* cpe:2.3:h:cisco:isr_1160:-:::::::* cpe:2.3:h:cisco:isr_4331:-:::::::* cpe:2.3:h:cisco:isr_1109:-:::::::* cpe:2.3:h:cisco:isr_4351:-:::::::* cpe:2.3:a:cisco:cloud_services_router_1000v:-:::::::* cpe:2.3:h:cisco:isr_1100:-:::::::* cpe:2.3:h:cisco:isr_4461:-:::::::* cpe:2.3:h:cisco:isr_4221:-:::::::*
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-esc-rSNVvTf9 -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-esc-rSNVvTf9 - Vendor Advisory

24 Mar 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-03-24 21:15

Updated : 2023-12-10 13:41

NVD link : CVE-2021-1371

Mitre link : CVE-2021-1371

CVE.ORG link : CVE-2021-1371

JSON object : View

Products Affected

cisco

cloud_services_router_1000v
1100_integrated_services_router
4451_integrated_services_router
ios_xe_sd-wan
1109_integrated_services_router
111x_integrated_services_router
1111x_integrated_services_router
4321_integrated_services_router
asr_1000
4431_integrated_services_router
4331_integrated_services_router
4351_integrated_services_router
1101_integrated_services_router
1120_integrated_services_router
1160_integrated_services_router
4461_integrated_services_router
4221_integrated_services_router

CWE

CWE-269

Improper Privilege Management

6.6 /10