
Cisco IOS XE SD-WAN Software Command Injection Vulnerability

Published: 2021-09-22 16:00:00
Source: tools.cisco.com

EPSS: 0
Percentile: 5.2%

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device.

This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system. An attacker would need valid user credentials to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxesdwan-clicmdinj-7bYX5k3

This advisory is part of the September 2021 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74581).

Affected configurations

Vulners node (entries joined by OR):

- cisco ios_xe_sd-wan, match 16.12
- cisco ios_xe_sd-wan_16.12.1b_when_installed_on_1100_series_industrial_integrated_services, match any
- cisco cloud_services_router_1000v_firmware, match any
- cisco ios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_services, match any
- cisco asr_1000_series_software, match any
- cisco ios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_services, match any
- cisco integrated_services_virtual_router_firmware, match any
- cisco ios_xe_sd-wan, match 16.12.5
- cisco ios_xe_sd-wan, match 1100_series_industrial_integrated_services_routers
- cisco ios_xe_sd-wan, match 1000v_series
- cisco ios_xe_sd-wan, match 1000_series_integrated_services_routers
- cisco ios_xe_sd-wan, match 1000_series_aggregation_services_routers
- cisco ios_xe_sd-wan, match 4000_series_integrated_services_routers
- cisco ios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtual, match any
- cisco ios_xe_sd-wan_16.12.5_when_installed_on_integrated_services_virtual, match 1100_series_industrial_integrated_services_routers
- cisco ios_xe_sd-wan_16.12.5_when_installed_on_cloud_services_router_1000v, match 1000v_series
- cisco ios_xe_sd-wan_16.12.5_when_installed_on_integrated_services_virtual, match 1000_series_integrated_services_routers
- cisco ios_xe_sd-wan_16.12.5_when_installed_on_asr_1000_series_aggregation_services, match 1000_series_aggregation_services_routers
- cisco ios_xe_sd-wan_16.12.5_when_installed_on_integrated_services_virtual, match 4000_series_integrated_services_routers
- cisco ios_xe_sd-wan, match 16.12.5_when_installed_on_cisco_integrated_services_virtual_router

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| cisco | ios_xe_sd-wan | 16.12 | cpe:2.3:o:cisco:ios_xe_sd-wan:16.12:*:*:*:*:*:*:* |
| cisco | ios_xe_sd-wan_16.12.1b_when_installed_on_1100_series_industrial_integrated_services | any | cpe:2.3:o:cisco:ios_xe_sd-wan_16.12.1b_when_installed_on_1100_series_industrial_integrated_services:any:*:*:*:*:*:*:* |
| cisco | cloud_services_router_1000v_firmware | any | cpe:2.3:o:cisco:cloud_services_router_1000v_firmware:any:*:*:*:*:*:*:* |
| cisco | ios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_services | any | cpe:2.3:o:cisco:ios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_services:any:*:*:*:*:*:*:* |
| cisco | asr_1000_series_software | any | cpe:2.3:a:cisco:asr_1000_series_software:any:*:*:*:*:*:*:* |
| cisco | ios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_services | any | cpe:2.3:o:cisco:ios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_services:any:*:*:*:*:*:*:* |
| cisco | integrated_services_virtual_router_firmware | any | cpe:2.3:o:cisco:integrated_services_virtual_router_firmware:any:*:*:*:*:*:*:* |
| cisco | ios_xe_sd-wan | 16.12.5 | cpe:2.3:o:cisco:ios_xe_sd-wan:16.12.5:*:*:*:*:*:*:* |
| cisco | ios_xe_sd-wan | 1100_series_industrial_integrated_services_routers | cpe:2.3:o:cisco:ios_xe_sd-wan:1100_series_industrial_integrated_services_routers:*:*:*:*:*:*:* |
| cisco | ios_xe_sd-wan | 1000v_series | cpe:2.3:o:cisco:ios_xe_sd-wan:1000v_series:*:*:*:*:*:*:* |

Showing rows 1-10 of 201.
