Lucene search

[email protected]NVD:CVE-2021-1391

HistoryMar 24, 2021 - 8:15 p.m.

CVE-2021-1391

2021-03-2420:15:13

CWE-489

[email protected]

web.nvd.nist.gov

vulnerability

cisco

ios xe software

privilege escalation

dragonite debugger

local attacker

consent token mechanism

root privilege

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege.

Affected configurations

Nvd

Node

ciscoiosMatch12.2\(6\)i1

ciscoiosMatch15.0\(2\)se13a

ciscoiosMatch15.1\(3\)svr1

ciscoiosMatch15.1\(3\)svr2

ciscoiosMatch15.1\(3\)svr3

ciscoiosMatch15.1\(3\)svs

ciscoiosMatch15.1\(3\)svs1

ciscoiosMatch15.2\(4\)ea10

ciscoiosMatch15.2\(5\)e

ciscoiosMatch15.2\(5\)e1

ciscoiosMatch15.2\(5\)e2

ciscoiosMatch15.2\(5\)e2b

ciscoiosMatch15.2\(5\)e2c

ciscoiosMatch15.2\(5\)ea

ciscoiosMatch15.2\(5\)ex

ciscoiosMatch15.2\(5a\)e

ciscoiosMatch15.2\(5a\)e1

ciscoiosMatch15.2\(5b\)e

ciscoiosMatch15.2\(5c\)e

ciscoiosMatch15.2\(6\)e

ciscoiosMatch15.2\(6\)e0a

ciscoiosMatch15.2\(6\)e0c

ciscoiosMatch15.2\(6\)e1

ciscoiosMatch15.2\(6\)e1a

ciscoiosMatch15.2\(6\)e1s

ciscoiosMatch15.2\(6\)e2

ciscoiosMatch15.2\(6\)e2a

ciscoiosMatch15.2\(6\)e2b

ciscoiosMatch15.2\(6\)e3

ciscoiosMatch15.2\(6\)eb

ciscoiosMatch15.2\(7\)e

ciscoiosMatch15.2\(7\)e0a

ciscoiosMatch15.2\(7\)e0b

ciscoiosMatch15.2\(7\)e0s

ciscoiosMatch15.2\(7\)e1

ciscoiosMatch15.2\(7\)e1a

ciscoiosMatch15.2\(7\)e2

ciscoiosMatch15.2\(7\)e2a

ciscoiosMatch15.2\(7\)e2b

ciscoiosMatch15.2\(7\)e3

ciscoiosMatch15.2\(7\)e3k

ciscoiosMatch15.2\(7a\)e0b

ciscoiosMatch15.2\(7b\)e0b

ciscoiosMatch15.3\(3\)jf13

ciscoios_xeMatch3.9.0e

ciscoios_xeMatch3.9.1e

ciscoios_xeMatch3.9.2be

ciscoios_xeMatch3.9.2e

ciscoios_xeMatch3.10.0ce

ciscoios_xeMatch3.10.0e

ciscoios_xeMatch3.10.1ae

ciscoios_xeMatch3.10.1e

ciscoios_xeMatch3.10.1se

ciscoios_xeMatch3.10.2e

ciscoios_xeMatch3.10.3e

ciscoios_xeMatch3.11.0e

ciscoios_xeMatch3.11.1ae

ciscoios_xeMatch3.11.1e

ciscoios_xeMatch3.11.2ae

ciscoios_xeMatch3.11.2e

ciscoios_xeMatch3.11.3ae

ciscoios_xeMatch3.11.3e

ciscoios_xeMatch16.8.1

ciscoios_xeMatch16.8.1a

ciscoios_xeMatch16.8.1b

ciscoios_xeMatch16.8.1c

ciscoios_xeMatch16.8.1d

ciscoios_xeMatch16.8.1e

ciscoios_xeMatch16.8.1s

ciscoios_xeMatch16.8.2

ciscoios_xeMatch16.8.3

ciscoios_xeMatch16.9.1

ciscoios_xeMatch16.9.1a

ciscoios_xeMatch16.9.1b

ciscoios_xeMatch16.9.1c

ciscoios_xeMatch16.9.1d

ciscoios_xeMatch16.9.1s

ciscoios_xeMatch16.9.2

ciscoios_xeMatch16.9.2a

ciscoios_xeMatch16.9.2s

ciscoios_xeMatch16.9.3

ciscoios_xeMatch16.9.3a

ciscoios_xeMatch16.9.3h

ciscoios_xeMatch16.9.3s

ciscoios_xeMatch16.9.4

ciscoios_xeMatch16.9.4c

ciscoios_xeMatch16.9.5

ciscoios_xeMatch16.9.5f

ciscoios_xeMatch16.9.6

ciscoios_xeMatch16.10.1

ciscoios_xeMatch16.10.1a

ciscoios_xeMatch16.10.1b

ciscoios_xeMatch16.10.1c

ciscoios_xeMatch16.10.1d

ciscoios_xeMatch16.10.1e

ciscoios_xeMatch16.10.1f

ciscoios_xeMatch16.10.1g

ciscoios_xeMatch16.10.1s

ciscoios_xeMatch16.10.2

ciscoios_xeMatch16.10.3

ciscoios_xeMatch16.11.1

ciscoios_xeMatch16.11.1a

ciscoios_xeMatch16.11.1b

ciscoios_xeMatch16.11.1c

ciscoios_xeMatch16.11.1s

ciscoios_xeMatch16.11.2

ciscoios_xeMatch16.12.1

ciscoios_xeMatch16.12.1a

ciscoios_xeMatch16.12.1c

ciscoios_xeMatch16.12.1s

ciscoios_xeMatch16.12.1t

ciscoios_xeMatch16.12.1w

ciscoios_xeMatch16.12.1x

ciscoios_xeMatch16.12.1y

ciscoios_xeMatch16.12.1z

ciscoios_xeMatch16.12.1za

ciscoios_xeMatch16.12.2

ciscoios_xeMatch16.12.2a

ciscoios_xeMatch16.12.2s

ciscoios_xeMatch16.12.2t

ciscoios_xeMatch16.12.3

ciscoios_xeMatch16.12.3a

ciscoios_xeMatch16.12.3s

ciscoios_xeMatch17.1.1

ciscoios_xeMatch17.1.1a

ciscoios_xeMatch17.1.1s

ciscoios_xeMatch17.1.1t

ciscoios_xeMatch17.1.2

ciscoios_xeMatch17.2.1

ciscoios_xeMatch17.2.1a

ciscoios_xeMatch17.2.1r

ciscoios_xeMatch17.2.1v

ciscoios_xeMatch17.2.2

ciscoios_xeMatch17.2.3

VendorProductVersionCPE
ciscoios12.2(6)i1cpe:2.3:o:cisco:ios:12.2\(6\)i1:*:*:*:*:*:*:*
ciscoios15.0(2)se13acpe:2.3:o:cisco:ios:15.0\(2\)se13a:*:*:*:*:*:*:*
ciscoios15.1(3)svr1cpe:2.3:o:cisco:ios:15.1\(3\)svr1:*:*:*:*:*:*:*
ciscoios15.1(3)svr2cpe:2.3:o:cisco:ios:15.1\(3\)svr2:*:*:*:*:*:*:*
ciscoios15.1(3)svr3cpe:2.3:o:cisco:ios:15.1\(3\)svr3:*:*:*:*:*:*:*
ciscoios15.1(3)svscpe:2.3:o:cisco:ios:15.1\(3\)svs:*:*:*:*:*:*:*
ciscoios15.1(3)svs1cpe:2.3:o:cisco:ios:15.1\(3\)svs1:*:*:*:*:*:*:*
ciscoios15.2(4)ea10cpe:2.3:o:cisco:ios:15.2\(4\)ea10:*:*:*:*:*:*:*
ciscoios15.2(5)ecpe:2.3:o:cisco:ios:15.2\(5\)e:*:*:*:*:*:*:*
ciscoios15.2(5)e1cpe:2.3:o:cisco:ios:15.2\(5\)e1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	12.2(6)i1	cpe:2.3:o:cisco:ios:12.2\(6\)i1:::::::*
cisco	ios	15.0(2)se13a	cpe:2.3:o:cisco:ios:15.0\(2\)se13a:::::::*
cisco	ios	15.1(3)svr1	cpe:2.3:o:cisco:ios:15.1\(3\)svr1:::::::*
cisco	ios	15.1(3)svr2	cpe:2.3:o:cisco:ios:15.1\(3\)svr2:::::::*
cisco	ios	15.1(3)svr3	cpe:2.3:o:cisco:ios:15.1\(3\)svr3:::::::*
cisco	ios	15.1(3)svs	cpe:2.3:o:cisco:ios:15.1\(3\)svs:::::::*
cisco	ios	15.1(3)svs1	cpe:2.3:o:cisco:ios:15.1\(3\)svs1:::::::*
cisco	ios	15.2(4)ea10	cpe:2.3:o:cisco:ios:15.2\(4\)ea10:::::::*
cisco	ios	15.2(5)e	cpe:2.3:o:cisco:ios:15.2\(5\)e:::::::*
cisco	ios	15.2(5)e1	cpe:2.3:o:cisco:ios:15.2\(5\)e1:::::::*

Rows per page:

1-10 of 1341

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2021-1391

nessus2 cvelist1 prion1 cisco1 cve1