{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE Software ", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-24T20:05:36", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20210324 Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arbfile-FUxskKDE"}], "source": {"advisory": "cisco-sa-iosxe-arbfile-FUxskKDE", "defect": [["CSCvu39228"]], "discovery": "INTERNAL"}, "title": "Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-03-24T16:00:00", "ID": "CVE-2021-1434", "STATE": "PUBLIC", "TITLE": "Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE Software ", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "4.4", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-552"}]}]}, "references": {"reference_data": [{"name": "20210324 Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arbfile-FUxskKDE"}]}, "source": {"advisory": "cisco-sa-iosxe-arbfile-FUxskKDE", "defect": [["CSCvu39228"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1434", "datePublished": "2021-03-24T00:00:00", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2021-03-24T20:05:36", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", "matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", "matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*", "matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", "matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "B53E377A-0296-4D7A-B97C-576B0026543D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", "matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", "matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", "matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", "matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*", "matchCriteriaId": "19AF4CF3-6E79-4EA3-974D-CD451A192BA9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1x:*:*:*:*:*:*:*", "matchCriteriaId": "313BD54C-073C-4F27-82D5-C99EFC3A20F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*", "matchCriteriaId": "93B96E01-3777-4C33-9225-577B469A6CE5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1z:*:*:*:*:*:*:*", "matchCriteriaId": "65FC3CC1-CF4F-4A2D-A500-04395AFE8B47", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1za:*:*:*:*:*:*:*", "matchCriteriaId": "027200FC-8AD4-47E4-A404-490AE4F997EC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5019B59-508E-40B0-9C92-2C26F58E2FBE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*", "matchCriteriaId": "443D78BA-A3DA-4D1F-A4DF-2F426DC6B841", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", "matchCriteriaId": "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*", "matchCriteriaId": "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "D5750264-2990-4942-85F4-DB9746C5CA2B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*", "matchCriteriaId": "02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", "matchCriteriaId": "B9173AD6-6658-4267-AAA7-D50D0B657528", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", "matchCriteriaId": "B51FA707-8DB1-4596-9122-D4BFEF17F400", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*", "matchCriteriaId": "C04DF35A-1B6F-420A-8D84-74EB41BF3700", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*", "matchCriteriaId": "211CC9B2-6108-4C50-AB31-DC527C43053E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system."}, {"lang": "es", "value": "Una vulnerabilidad en la CLI del Software Cisco IOS XE SD-WAN, podr\u00eda permitir a un atacante local autenticado sobrescribir archivos arbitrarios en el sistema de archivos subyacente. Esta vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de los par\u00e1metros de un comando de CLI espec\u00edfico. Un atacante podr\u00eda explotar esta vulnerabilidad al emitir ese comando con par\u00e1metros espec\u00edficos. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante sobrescribir el contenido de cualquier archivo arbitrario que resida en el sistema de archivos del host subyacente"}], "id": "CVE-2021-1434", "lastModified": "2023-11-07T03:28:18.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2021-03-24T20:15:14.667", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arbfile-FUxskKDE"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "ykramarz@cisco.com", "type": "Primary"}]}

{}