CVE-2021-1391

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.1 MEDIUM | LOCAL | LOW | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N |
| cisco | CNA | 5.1 MEDIUM | LOCAL | LOW | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |
EPSS Score Percentile: 12%
| Vendor | Product | Version |
|---|---|---|
| cisco | ios | 12.2\(6\)i1 |
| cisco | ios | 15.0\(2\)se13a |
| cisco | ios | 15.1\(3\)svr1 |
| cisco | ios | 15.1\(3\)svr2 |
| cisco | ios | 15.1\(3\)svr3 |
| cisco | ios | 15.1\(3\)svs |
| cisco | ios | 15.1\(3\)svs1 |
| cisco | ios | 15.2\(4\)ea10 |
| cisco | ios | 15.2\(5\)e |
| cisco | ios | 15.2\(5\)e1 |
| cisco | ios | 15.2\(5\)e2 |
| cisco | ios | 15.2\(5\)e2b |
| cisco | ios | 15.2\(5\)e2c |
| cisco | ios | 15.2\(5\)ea |
| cisco | ios | 15.2\(5\)ex |
| cisco | ios | 15.2\(5a\)e |
| cisco | ios | 15.2\(5a\)e1 |
| cisco | ios | 15.2\(5b\)e |
| cisco | ios | 15.2\(5c\)e |
| cisco | ios | 15.2\(6\)e |
| cisco | ios | 15.2\(6\)e0a |
| cisco | ios | 15.2\(6\)e0c |
| cisco | ios | 15.2\(6\)e1 |
| cisco | ios | 15.2\(6\)e1a |
| cisco | ios | 15.2\(6\)e1s |
| cisco | ios | 15.2\(6\)e2 |
| cisco | ios | 15.2\(6\)e2a |
| cisco | ios | 15.2\(6\)e2b |
| cisco | ios | 15.2\(6\)e3 |
| cisco | ios | 15.2\(6\)eb |
| cisco | ios | 15.2\(7\)e |
| cisco | ios | 15.2\(7\)e0a |
| cisco | ios | 15.2\(7\)e0b |
| cisco | ios | 15.2\(7\)e0s |
| cisco | ios | 15.2\(7\)e1 |
| cisco | ios | 15.2\(7\)e1a |
| cisco | ios | 15.2\(7\)e2 |
| cisco | ios | 15.2\(7\)e2a |
| cisco | ios | 15.2\(7\)e2b |
| cisco | ios | 15.2\(7\)e3 |
| cisco | ios | 15.2\(7\)e3k |
| cisco | ios | 15.2\(7a\)e0b |
| cisco | ios | 15.2\(7b\)e0b |
| cisco | ios | 15.3\(3\)jf13 |
| cisco | ios_xe | 3.9.0e:e |
| cisco | ios_xe | 3.9.1e:e |
| cisco | ios_xe | 3.9.2be:be |
| cisco | ios_xe | 3.9.2e:e |
| cisco | ios_xe | 3.10.0ce:ce |
| cisco | ios_xe | 3.10.0e:e |
| cisco | ios_xe | 3.10.1ae:ae |
| cisco | ios_xe | 3.10.1e:e |
| cisco | ios_xe | 3.10.1se:se |
| cisco | ios_xe | 3.10.2e:e |
| cisco | ios_xe | 3.10.3e:e |
| cisco | ios_xe | 3.11.0e:e |
| cisco | ios_xe | 3.11.1ae:ae |
| cisco | ios_xe | 3.11.1e:e |
| cisco | ios_xe | 3.11.2ae:ae |
| cisco | ios_xe | 3.11.2e:e |
| cisco | ios_xe | 3.11.3ae:ae |
| cisco | ios_xe | 3.11.3e:e |
| cisco | ios_xe | 16.8.1 |
| cisco | ios_xe | 16.8.1a:a |
| cisco | ios_xe | 16.8.1b:b |
| cisco | ios_xe | 16.8.1c:c |
| cisco | ios_xe | 16.8.1d:d |
| cisco | ios_xe | 16.8.1e:e |
| cisco | ios_xe | 16.8.1s:s |
| cisco | ios_xe | 16.8.2 |
| cisco | ios_xe | 16.8.3 |
| cisco | ios_xe | 16.9.1 |
| cisco | ios_xe | 16.9.1a:a |
| cisco | ios_xe | 16.9.1b:b |
| cisco | ios_xe | 16.9.1c:c |
| cisco | ios_xe | 16.9.1d:d |
| cisco | ios_xe | 16.9.1s:s |
| cisco | ios_xe | 16.9.2 |
| cisco | ios_xe | 16.9.2a:a |
| cisco | ios_xe | 16.9.2s:s |
| cisco | ios_xe | 16.9.3 |
| cisco | ios_xe | 16.9.3a:a |
| cisco | ios_xe | 16.9.3h:h |
| cisco | ios_xe | 16.9.3s:s |
| cisco | ios_xe | 16.9.4 |
| cisco | ios_xe | 16.9.4c:c |
| cisco | ios_xe | 16.9.5 |
| cisco | ios_xe | 16.9.5f:f |
| cisco | ios_xe | 16.9.6 |
| cisco | ios_xe | 16.10.1 |
| cisco | ios_xe | 16.10.1a:a |
| cisco | ios_xe | 16.10.1b:b |
| cisco | ios_xe | 16.10.1c:c |
| cisco | ios_xe | 16.10.1d:d |
| cisco | ios_xe | 16.10.1e:e |
| cisco | ios_xe | 16.10.1f:f |
| cisco | ios_xe | 16.10.1g:g |
| cisco | ios_xe | 16.10.1s:s |
| cisco | ios_xe | 16.10.2 |
| cisco | ios_xe | 16.10.3 |
| cisco | ios_xe | 16.11.1 |
| cisco | ios_xe | 16.11.1a:a |
| cisco | ios_xe | 16.11.1b:b |
| cisco | ios_xe | 16.11.1c:c |
| cisco | ios_xe | 16.11.1s:s |
| cisco | ios_xe | 16.11.2 |
| cisco | ios_xe | 16.12.1 |
| cisco | ios_xe | 16.12.1a:a |
| cisco | ios_xe | 16.12.1c:c |
| cisco | ios_xe | 16.12.1s:s |
| cisco | ios_xe | 16.12.1t:t |
| cisco | ios_xe | 16.12.1w:w |
| cisco | ios_xe | 16.12.1x:x |
| cisco | ios_xe | 16.12.1y:y |
| cisco | ios_xe | 16.12.1z:z |
| cisco | ios_xe | 16.12.1za:za |
| cisco | ios_xe | 16.12.2 |
| cisco | ios_xe | 16.12.2a:a |
| cisco | ios_xe | 16.12.2s:s |
| cisco | ios_xe | 16.12.2t:t |
| cisco | ios_xe | 16.12.3 |
| cisco | ios_xe | 16.12.3a:a |
| cisco | ios_xe | 16.12.3s:s |
| cisco | ios_xe | 17.1.1 |
| cisco | ios_xe | 17.1.1a:a |
| cisco | ios_xe | 17.1.1s:s |
| cisco | ios_xe | 17.1.1t:t |
| cisco | ios_xe | 17.1.2 |
| cisco | ios_xe | 17.2.1 |
| cisco | ios_xe | 17.2.1a:a |
| cisco | ios_xe | 17.2.1r:r |
| cisco | ios_xe | 17.2.1v:v |
| cisco | ios_xe | 17.2.2 |
| cisco | ios_xe | 17.2.3 |