CVE-2021-1376

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS v3.0 6.7 MEDIUM
CVSS v2.0 7.2 HIGH

6.7^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fast-Zqr6DD5	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios_xe:16.5.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.5.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.4a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.4s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.5:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.6:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.7:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.8.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1c:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1b:::::::*
	cpe:2.3:o:cisco:ios_xe:16.11.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.3a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.10.1e:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.3s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.5:::::::*
	cpe:2.3:o:cisco:ios_xe:16.6.8:::::::*
	cpe:2.3:o:cisco:ios_xe:16.9.6:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.1.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1c:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.3:::::::*
	cpe:2.3:o:cisco:ios_xe:17.2.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.1.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.2t:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.2s:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.3a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.1.1t:::::::*
	cpe:2.3:o:cisco:ios_xe:17.2.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.3s:::::::*
	cpe:2.3:o:cisco:ios_xe:17.1.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.4a:::::::*

Information

Published : 2021-03-24 14:15

Updated : 2021-03-30 07:34

NVD link : CVE-2021-1376

Mitre link : CVE-2021-1376

JSON object : View

CWE

CWE-347

Improper Verification of Cryptographic Signature

Products Affected

cisco

ios_xe

6.7 /10