CVE-2021-1375

EPSS 0.03%
Published 24.03.2021 21:15:12
Last modified 21.11.2024 05:44:12
Source psirt@cisco.com
Teams watchlist Login
Open Login

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version16.5.1

Cisco ≫ Ios Xe Version16.5.1a

Cisco ≫ Ios Xe Version16.6.1

Cisco ≫ Ios Xe Version16.6.2

Cisco ≫ Ios Xe Version16.6.3

Cisco ≫ Ios Xe Version16.6.4

Cisco ≫ Ios Xe Version16.6.4a

Cisco ≫ Ios Xe Version16.6.4s

Cisco ≫ Ios Xe Version16.6.5

Cisco ≫ Ios Xe Version16.6.6

Cisco ≫ Ios Xe Version16.6.7

Cisco ≫ Ios Xe Version16.8.1

Cisco ≫ Ios Xe Version16.8.1a

Cisco ≫ Ios Xe Version16.8.1s

Cisco ≫ Ios Xe Version16.9.1

Cisco ≫ Ios Xe Version16.9.1s

Cisco ≫ Ios Xe Version16.9.2

Cisco ≫ Ios Xe Version16.9.2s

Cisco ≫ Ios Xe Version16.9.3

Cisco ≫ Ios Xe Version16.9.3a

Cisco ≫ Ios Xe Version16.9.3s

Cisco ≫ Ios Xe Version16.9.4

Cisco ≫ Ios Xe Version16.10.1

Cisco ≫ Ios Xe Version16.10.1e

Cisco ≫ Ios Xe Version16.10.1s

Cisco ≫ Ios Xe Version16.11.1

Cisco ≫ Ios Xe Version16.11.1b

Cisco ≫ Ios Xe Version16.11.1c

Cisco ≫ Ios Xe Version16.11.1s

Cisco ≫ Ios Xe Version16.11.2

Cisco ≫ Ios Xe Version16.12.1

Cisco ≫ Ios Xe Version16.12.1c

Cisco ≫ Ios Xe Version16.12.1s

Cisco ≫ Ios Xe Version16.12.2

Cisco ≫ Ios Xe Version16.12.2s

Cisco ≫ Ios Xe Version16.12.2t

Cisco ≫ Ios Xe Version17.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.054

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com	6.7	0.8	5.9	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fast-Zqr6DD5

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1375

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1375

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1375

EUVD