CVE Vulnerabilities

CVE-2021-1391

Active Debug Code

Published: Mar 24, 2021 | Modified: Mar 30, 2021
CVSS 3.x
6.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege.

Weakness

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

Affected Software

Name Vendor Start Version End Version
Ios_xe Cisco 3.9.0e 3.9.0e
Ios Cisco 15.2(5a)e1 15.2(5a)e1
Ios Cisco 15.2(5)ea 15.2(5)ea
Ios Cisco 15.2(5c)e 15.2(5c)e
Ios Cisco 15.2(5)e2 15.2(5)e2
Ios Cisco 15.2(5b)e 15.2(5b)e
Ios Cisco 15.2(5)ex 15.2(5)ex
Ios Cisco 15.2(5a)e 15.2(5a)e
Ios Cisco 15.2(5)e1 15.2(5)e1
Ios Cisco 15.2(5)e 15.2(5)e
Ios_xe Cisco 3.9.1e 3.9.1e
Ios Cisco 15.2(5)e2b 15.2(5)e2b
Ios Cisco 15.2(5)e2c 15.2(5)e2c
Ios_xe Cisco 3.9.2e 3.9.2e
Ios_xe Cisco 16.8.1 16.8.1
Ios_xe Cisco 16.9.1 16.9.1
Ios Cisco 12.2(6)i1 12.2(6)i1
Ios_xe Cisco 3.9.2be 3.9.2be
Ios_xe Cisco 16.8.1a 16.8.1a
Ios_xe Cisco 16.8.1s 16.8.1s
Ios_xe Cisco 16.8.1b 16.8.1b
Ios_xe Cisco 16.8.2 16.8.2
Ios_xe Cisco 16.8.1d 16.8.1d
Ios_xe Cisco 16.8.1c 16.8.1c
Ios_xe Cisco 16.8.1e 16.8.1e
Ios_xe Cisco 3.10.0ce 3.10.0ce
Ios_xe Cisco 3.10.0e 3.10.0e
Ios Cisco 15.2(6)e1 15.2(6)e1
Ios Cisco 15.2(6)e 15.2(6)e
Ios Cisco 15.2(6)e0c 15.2(6)e0c
Ios_xe Cisco 16.9.1s 16.9.1s
Ios_xe Cisco 16.9.1c 16.9.1c
Ios_xe Cisco 16.9.1b 16.9.1b
Ios Cisco 15.2(6)e0a 15.2(6)e0a
Ios_xe Cisco 3.10.1e 3.10.1e
Ios Cisco 15.2(6)e1a 15.2(6)e1a
Ios_xe Cisco 3.10.1ae 3.10.1ae
Ios_xe Cisco 3.10.1se 3.10.1se
Ios Cisco 15.2(6)e1s 15.2(6)e1s
Ios_xe Cisco 16.9.1d 16.9.1d
Ios_xe Cisco 3.10.2e 3.10.2e
Ios_xe Cisco 16.10.1 16.10.1
Ios_xe Cisco 16.9.1a 16.9.1a
Ios_xe Cisco 16.9.2a 16.9.2a
Ios_xe Cisco 16.9.2 16.9.2
Ios Cisco 15.2(6)e2a 15.2(6)e2a
Ios Cisco 15.2(6)e2b 15.2(6)e2b
Ios Cisco 15.2(6)e2 15.2(6)e2
Ios_xe Cisco 16.12.1 16.12.1
Ios_xe Cisco 16.11.1 16.11.1
Ios_xe Cisco 17.1.1 17.1.1
Ios Cisco 15.2(7)e 15.2(7)e
Ios_xe Cisco 16.11.1a 16.11.1a
Ios_xe Cisco 16.12.1c 16.12.1c
Ios_xe Cisco 16.12.1t 16.12.1t
Ios_xe Cisco 16.11.2 16.11.2
Ios_xe Cisco 16.12.1s 16.12.1s
Ios_xe Cisco 16.12.1a 16.12.1a
Ios_xe Cisco 16.12.1x 16.12.1x
Ios_xe Cisco 16.11.1c 16.11.1c
Ios_xe Cisco 16.11.1b 16.11.1b
Ios_xe Cisco 16.11.1s 16.11.1s
Ios_xe Cisco 16.12.1w 16.12.1w
Ios_xe Cisco 16.10.1s 16.10.1s
Ios_xe Cisco 16.10.1d 16.10.1d
Ios_xe Cisco 16.9.2s 16.9.2s
Ios_xe Cisco 3.11.3e 3.11.3e
Ios_xe Cisco 3.11.0e 3.11.0e
Ios_xe Cisco 16.9.3h 16.9.3h
Ios_xe Cisco 16.9.3a 16.9.3a
Ios_xe Cisco 16.10.1a 16.10.1a
Ios_xe Cisco 3.10.3e 3.10.3e
Ios_xe Cisco 16.10.1f 16.10.1f
Ios_xe Cisco 16.10.1g 16.10.1g
Ios_xe Cisco 16.10.2 16.10.2
Ios_xe Cisco 16.9.3 16.9.3
Ios_xe Cisco 16.12.1y 16.12.1y
Ios_xe Cisco 16.10.1e 16.10.1e
Ios_xe Cisco 16.10.1b 16.10.1b
Ios_xe Cisco 16.8.3 16.8.3
Ios_xe Cisco 16.9.3s 16.9.3s
Ios_xe Cisco 16.10.1c 16.10.1c
Ios_xe Cisco 16.9.4 16.9.4
Ios Cisco 15.2(7)e0s 15.2(7)e0s
Ios_xe Cisco 16.12.2 16.12.2
Ios Cisco 15.2(7)e0a 15.2(7)e0a
Ios Cisco 15.2(7a)e0b 15.2(7a)e0b
Ios Cisco 15.2(7)e1 15.2(7)e1
Ios_xe Cisco 16.9.4c 16.9.4c
Ios_xe Cisco 3.11.1e 3.11.1e
Ios Cisco 15.2(6)e3 15.2(6)e3
Ios Cisco 15.0(2)se13a 15.0(2)se13a
Ios_xe Cisco 3.11.1ae 3.11.1ae
Ios Cisco 15.2(7)e1a 15.2(7)e1a
Ios Cisco 15.2(7)e0b 15.2(7)e0b
Ios Cisco 15.1(3)svs 15.1(3)svs
Ios_xe Cisco 16.12.2a 16.12.2a
Ios Cisco 15.2(6)eb 15.2(6)eb
Ios_xe Cisco 16.10.3 16.10.3
Ios Cisco 15.2(7b)e0b 15.2(7b)e0b
Ios_xe Cisco 16.9.5 16.9.5
Ios_xe Cisco 16.9.5f 16.9.5f
Ios Cisco 15.2(4)ea10 15.2(4)ea10
Ios Cisco 15.1(3)svr1 15.1(3)svr1
Ios Cisco 15.3(3)jf13 15.3(3)jf13
Ios_xe Cisco 16.12.3 16.12.3
Ios_xe Cisco 17.2.1 17.2.1
Ios_xe Cisco 17.1.1s 17.1.1s
Ios_xe Cisco 16.12.2t 16.12.2t
Ios_xe Cisco 17.1.1a 17.1.1a
Ios_xe Cisco 16.12.2s 16.12.2s
Ios_xe Cisco 16.12.3a 16.12.3a
Ios_xe Cisco 17.1.1t 17.1.1t
Ios_xe Cisco 17.2.1a 17.2.1a
Ios_xe Cisco 17.2.1v 17.2.1v
Ios_xe Cisco 16.12.1z 16.12.1z
Ios_xe Cisco 16.12.3s 16.12.3s
Ios_xe Cisco 17.2.1r 17.2.1r
Ios_xe Cisco 17.1.2 17.1.2
Ios_xe Cisco 17.2.2 17.2.2
Ios_xe Cisco 16.12.1za 16.12.1za
Ios_xe Cisco 17.2.3 17.2.3
Ios_xe Cisco 16.9.6 16.9.6
Ios Cisco 15.2(7)e2b 15.2(7)e2b
Ios Cisco 15.2(7)e2a 15.2(7)e2a
Ios_xe Cisco 3.11.3ae 3.11.3ae
Ios Cisco 15.1(3)svr2 15.1(3)svr2
Ios Cisco 15.1(3)svr3 15.1(3)svr3
Ios Cisco 15.1(3)svs1 15.1(3)svs1
Ios Cisco 15.2(7)e3 15.2(7)e3
Ios_xe Cisco 3.11.2ae 3.11.2ae
Ios Cisco 15.2(7)e2 15.2(7)e2
Ios_xe Cisco 3.11.2e 3.11.2e
Ios Cisco 15.2(7)e3k 15.2(7)e3k

Potential Mitigations

References