CVE-2021-34725

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-34725
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-privesc-KSUg7QSS Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-privesc-KSUg7QSS Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:ios_xe_sd-wan:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:1000_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4000_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:422_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1000-esp100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1000-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1000_series:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1000_series_route_processor_\(rp2\):-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1000_series_route_processor_\(rp3\):-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1001-hx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1001-hx_r:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1001-x_r:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002-hx_r:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002-x_r:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1006-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1009-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1023:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:*
History

21 Nov 2024, 06:11

Type Values Removed Values Added
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-privesc-KSUg7QSS - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-privesc-KSUg7QSS - Vendor Advisory

22 May 2023, 18:57

Type Values Removed Values Added
CPE cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4431:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4351:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4451:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4451-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1111x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_111x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1111x-8p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100-4g\/6g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4321:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_422:-:*:*:*:*:*:*:*		 cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1000_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4000_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:422_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*
First Time Cisco 1100-4p Integrated Services Router
Cisco 4351 Integrated Services Router
Cisco 1109 Integrated Services Router
Cisco 1160 Integrated Services Router
Cisco 4221 Integrated Services Router
Cisco 4431 Integrated Services Router
Cisco 1111x Integrated Services Router
Cisco 1100-4g\/6g Integrated Services Router
Cisco 1120 Integrated Services Router
Cisco 4451 Integrated Services Router
Cisco 4331 Integrated Services Router
Cisco 1101-4p Integrated Services Router
Cisco 1111x-8p Integrated Services Router
Cisco 4461 Integrated Services Router
Cisco 4321 Integrated Services Router
Cisco 1100-8p Integrated Services Router
Cisco 4451-x Integrated Services Router
Cisco 1100 Integrated Services Router
Cisco 4000 Integrated Services Router
Cisco 1000 Integrated Services Router
Cisco 1109-4p Integrated Services Router
Cisco 422 Integrated Services Router
Cisco 1109-2p Integrated Services Router
Cisco 1101 Integrated Services Router
Cisco 111x Integrated Services Router
Information

Published : 2021-09-23 03:15

Updated : 2024-11-21 06:11

NVD link : CVE-2021-34725

Mitre link : CVE-2021-34725

CVE.ORG link : CVE-2021-34725

JSON object : View

Products Affected

cisco

  • 4221_integrated_services_router
  • asr_1002-hx_r
  • 1160_integrated_services_router
  • 1101_integrated_services_router
  • 4451-x_integrated_services_router
  • asr_1000-esp100
  • asr_1002
  • asr_1006-x
  • asr_1009-x
  • 1100-4g\/6g_integrated_services_router
  • 1100-4p_integrated_services_router
  • asr_1000_series_route_processor_\(rp2\)
  • 4351_integrated_services_router
  • ios_xe_sd-wan
  • 1100_integrated_services_router
  • asr_1001-hx
  • asr_1002-x
  • asr_1004
  • asr_1023
  • csr_1000v
  • asr_1001-x_r
  • 4451_integrated_services_router
  • 1000_integrated_services_router
  • 4431_integrated_services_router
  • asr_1001-x
  • 1109_integrated_services_router
  • 1100-8p_integrated_services_router
  • asr_1001-hx_r
  • 1111x-8p_integrated_services_router
  • asr_1002-x_r
  • 4321_integrated_services_router
  • asr_1000-x
  • asr_1002-hx
  • asr_1006
  • asr_1001
  • 4461_integrated_services_router
  • 1101-4p_integrated_services_router
  • asr_1000_series_route_processor_\(rp3\)
  • 1109-2p_integrated_services_router
  • 4331_integrated_services_router
  • asr_1013
  • 111x_integrated_services_router
  • asr_1000
  • 1109-4p_integrated_services_router
  • 422_integrated_services_router
  • 1111x_integrated_services_router
  • asr_1000_series
  • 4000_integrated_services_router
  • 1120_integrated_services_router
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')