CVE-2021-1546
CVE-2021-1546 is a Cisco SD-WAN Software CLI information-disclosure vulnerability. The issue stems from improper protections on file access through the CLI, allowing an authenticated, local attacker to run a CLI command that targets an arbitrary local file and potentially read portions of that fi...
CVE-2021-34729
CVE-2021-34729 affects Cisco IOS XE SD-WAN Software and IOS XE Software. A CLI argument validation flaw allows an authenticated, local attacker to inject commands and execute arbitrary OS-level code with elevated privileges. Exploitation requires valid credentials; impact includes full control ov...
CVE-2021-34729 Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI...
CVE-2021-34726 Cisco SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain C...
CVE-2021-34726
Cisco SD-WAN Software Command Injection (CVE-2021-34726) affects the CLI of Cisco SD-WAN Software. Affected component: CLI command handling; root cause: insufficient input validation on certain CLI commands. Impact: authenticated, local attacker with administrative privileges could inject and exe...
CVE-2021-34725 Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...
CVE-2021-34725
CVE-2021-34725 involves a vulnerability in the CLI of Cisco IOS XE SD-WAN Software where an authenticated, local attacker with administrative privileges can inject arbitrary commands to run with root-level access due to insufficient input validation on certain CLI commands. Exploitation requires ...
CVE-2021-34724
CVE-2021-34724 affects Cisco IOS XE SD-WAN Software CLI. The root cause is insufficient filesystem protection and a sensitive file in bootflash, allowing an authenticated PRIV15 user to overwrite an installer file and execute commands with root privileges. A successful exploit could read/write th...
CVE-2021-34723
CVE-2021-34723 concerns Cisco IOS XE SD-WAN Software where an authenticated, local attacker can exploit a CLI command with crafted parameters to overwrite arbitrary files in the device’s configuration database, potentially gaining root-level access. The root cause is insufficient validation of ce...
CVE-2021-34699 Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this...
CVE-2021-34699
Cisco IOS and IOS XE TrustSec CLI parser DoS (CVE-2021-34699) arises from an improper interaction between the Web UI and the TrustSec CLI parser, allowing an authenticated, remote attacker to cause an affected device to reload and trigger a DoS. The vulnerability affects Cisco IOS and IOS XE soft...
CVE-2021-34696 Cisco ASR 900 and ASR 920 Series Aggregation Services Routers Access Control List Bypass Vulnerability
A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a...
A vulnerability in the CLI component of the Cisco IOS XR operating system that allows an attacker to execute arbitrary commands
A vulnerability in the CLI component of the Cisco IOS XR operating system exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
A vulnerability in the CLI component of the Cisco IOS XR operating system that allows an attacker to execute arbitrary commands with root privileges or gain elevated privileges
A vulnerability in the CLI component of the Cisco IOS XR operating system exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow an attacker to escalate their privileges or execute arbitrary...
Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability i...
Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command...
Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a...
Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placi...