CVE-2021-1391

Published: 24/03/2021 | Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local malicious user to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the malicious user to escalate from privilege level 15 to root privilege.

Vulnerable Product

cisco ios xe 3.9.0e

cisco ios 15.2(5a)e1

cisco ios 15.2(5)ea

cisco ios 15.2(5c)e

cisco ios 15.2(5)e2

cisco ios 15.2(5b)e

cisco ios 15.2(5)ex

cisco ios 15.2(5a)e

cisco ios 15.2(5)e1

cisco ios 15.2(5)e

cisco ios xe 3.9.1e

cisco ios 15.2(5)e2b

cisco ios 15.2(5)e2c

cisco ios xe 3.9.2e

cisco ios xe 16.8.1

cisco ios xe 16.9.1

cisco ios 12.2(6)i1

cisco ios xe 3.9.2be

cisco ios xe 16.8.1a

cisco ios xe 16.8.1s

cisco ios xe 16.8.1b

cisco ios xe 16.8.2

cisco ios xe 16.8.1d

cisco ios xe 16.8.1c

cisco ios xe 16.8.1e

cisco ios xe 3.10.0ce

cisco ios xe 3.10.0e

cisco ios 15.2(6)e1

cisco ios 15.2(6)e

cisco ios 15.2(6)e0c

cisco ios xe 16.9.1s

cisco ios xe 16.9.1c

cisco ios xe 16.9.1b

cisco ios 15.2(6)e0a

cisco ios xe 3.10.1e

cisco ios 15.2(6)e1a

cisco ios xe 3.10.1ae

cisco ios xe 3.10.1se

cisco ios 15.2(6)e1s

cisco ios xe 16.9.1d

cisco ios xe 3.10.2e

cisco ios xe 16.10.1

cisco ios xe 16.9.1a

cisco ios xe 16.9.2a

cisco ios xe 16.9.2

cisco ios 15.2(6)e2a

cisco ios 15.2(6)e2b

cisco ios 15.2(6)e2

cisco ios xe 16.12.1

cisco ios xe 16.11.1

cisco ios xe 17.1.1

cisco ios 15.2(7)e

cisco ios xe 16.11.1a

cisco ios xe 16.12.1c

cisco ios xe 16.12.1t

cisco ios xe 16.11.2

cisco ios xe 16.12.1s

cisco ios xe 16.12.1a

cisco ios xe 16.12.1x

cisco ios xe 16.11.1c

cisco ios xe 16.11.1b

cisco ios xe 16.11.1s

cisco ios xe 16.12.1w

cisco ios xe 16.10.1s

cisco ios xe 16.10.1d

cisco ios xe 16.9.2s

cisco ios xe 3.11.3e

cisco ios xe 3.11.0e

cisco ios xe 16.9.3h

cisco ios xe 16.9.3a

cisco ios xe 16.10.1a

cisco ios xe 3.10.3e

cisco ios xe 16.10.1f

cisco ios xe 16.10.1g

cisco ios xe 16.10.2

cisco ios xe 16.9.3

cisco ios xe 16.12.1y

cisco ios xe 16.10.1e

cisco ios xe 16.10.1b

cisco ios xe 16.8.3

cisco ios xe 16.9.3s

cisco ios xe 16.10.1c

cisco ios xe 16.9.4

cisco ios 15.2(7)e0s

cisco ios xe 16.12.2

cisco ios 15.2(7)e0a

cisco ios 15.2(7a)e0b

cisco ios 15.2(7)e1

cisco ios xe 16.9.4c

cisco ios xe 3.11.1e

cisco ios 15.2(6)e3

cisco ios 15.0(2)se13a

cisco ios xe 3.11.1ae

cisco ios 15.2(7)e1a

cisco ios 15.2(7)e0b

cisco ios 15.1(3)svs

cisco ios xe 16.12.2a

cisco ios 15.2(6)eb

cisco ios xe 16.10.3

cisco ios 15.2(7b)e0b

cisco ios xe 16.9.5

cisco ios xe 16.9.5f

cisco ios 15.2(4)ea10

cisco ios 15.1(3)svr1

cisco ios 15.3(3)jf13

cisco ios xe 16.12.3

cisco ios xe 17.2.1

cisco ios xe 17.1.1s

cisco ios xe 16.12.2t

cisco ios xe 17.1.1a

cisco ios xe 16.12.2s

cisco ios xe 16.12.3a

cisco ios xe 17.1.1t

cisco ios xe 17.2.1a

cisco ios xe 17.2.1v

cisco ios xe 16.12.1z

cisco ios xe 16.12.3s

cisco ios xe 17.2.1r

cisco ios xe 17.1.2

cisco ios xe 17.2.2

cisco ios xe 16.12.1za

cisco ios xe 17.2.3

cisco ios xe 16.9.6

cisco ios 15.2(7)e2b

cisco ios 15.2(7)e2a

cisco ios xe 3.11.3ae

cisco ios 15.1(3)svr2

cisco ios 15.1(3)svr3

cisco ios 15.1(3)svs1

cisco ios 15.2(7)e3

cisco ios xe 3.11.2ae

cisco ios 15.2(7)e2

cisco ios xe 3.11.2e

cisco ios 15.2(7)e3k

Vendor Advisories

A vulnerability in the dragonite debugger of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerabili ...