| Vulnerability Name: | CVE-2021-1381 (CCN-198691) |
| Assigned: | 2020-11-13 |
| Published: | 2021-03-24 |
| Updated: | 2021-03-30 |
| Summary: | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console. |
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N); 5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C); 5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N) |
| Vulnerability Type: | CWE-489 |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: MITRE, Type: CNA, CVE-2021-1381; Source: XF, Type: UNKNOWN, cisco-cve20211381-sec-bypass(198691); Source: CCN, Type: Cisco Security Advisory, cisco-sa-XE-BLKH-Ouvrnf2s, Cisco IOS XE Software Active Debug Code Vulnerability; Source: CISCO, Type: Vendor Advisory, 20210324 Cisco IOS XE Software Active Debug Code Vulnerability |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |