[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2021-1381Date: (C)2021-03-25   (M)2023-12-22


A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.1CVSS Score : 3.6
Exploit Score: 0.9Exploit Score: 3.9
Impact Score: 5.2Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: PHYSICALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-BLKH-Ouvrnf2s

CPE    11
cpe:/o:cisco:ios_xe:17.2.3
cpe:/o:cisco:ios_xe:17.2.2
cpe:/o:cisco:ios_xe:17.2.1
cpe:/o:cisco:ios_xe:17.1.2
...
CWE    1
CWE-489

© SecPod Technologies