Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2021-1392

Published: 24/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Ios

Vulnerability Summary

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local malicious user to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the malicious user to reconfigure the device.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ios 15.2\\(4\\)ea

cisco ios 15.3\\(3\\)jnb3

cisco ios xe 3.6.5be

cisco ios 15.2\\(2\\)e5b

cisco ios 15.0\\(1\\)ey

cisco ios 15.3\\(3\\)jn

cisco ios 15.3\\(3\\)jb

cisco ios 15.3\\(3\\)jnb2

cisco ios xe 3.7.4e

cisco ios 15.3\\(3\\)jpc

cisco ios 15.2\\(3\\)e2

cisco ios 15.3\\(3\\)jc2

cisco ios 15.3\\(3\\)jaa

cisco ios 15.2\\(4\\)ea4

cisco ios 15.2\\(2\\)e3

cisco ios 15.2\\(3\\)e4

cisco ios 15.2\\(4\\)ec1

cisco ios 15.3\\(3\\)jbb2

cisco ios 15.3\\(3\\)jc

cisco ios 15.2\\(2\\)e6

cisco ios 15.3\\(3\\)ja10

cisco ios 15.2\\(2\\)ea2

cisco ios 15.3\\(3\\)jnc1

cisco ios 15.3\\(3\\)jbb5

cisco ios 15.3\\(3\\)jnp

cisco ios 15.3\\(3\\)jbb6a

cisco ios 15.2\\(3\\)e5

cisco ios 15.2\\(2\\)ea1

cisco ios 15.2\\(5a\\)e1

cisco ios 15.3\\(3\\)jax

cisco ios 15.3\\(3\\)jd2

cisco ios 15.3\\(3\\)jn3

cisco ios 15.3\\(3\\)ja1

cisco ios 15.2\\(2\\)e2

cisco ios 15.2\\(3\\)e3

cisco ios 15.3\\(3\\)jnc

cisco ios 15.3\\(3\\)jnc3

cisco ios 15.3\\(3\\)jbb6

cisco ios 15.3\\(3\\)ja8

cisco ios 15.3\\(3\\)ja6

cisco ios 15.2\\(2\\)e1

cisco ios 15.3\\(3\\)jn9

cisco ios 15.3\\(3\\)jpb

cisco ios 15.3\\(3\\)jpc1

cisco ios 15.2\\(4\\)ea1

cisco ios 15.3\\(3\\)jnb

cisco ios 15.2\\(2\\)e

cisco ios 15.2\\(4\\)ea3

cisco ios xe 3.3.1xo

cisco ios 15.2\\(2\\)eb2

cisco ios 15.2\\(2\\)eb1

cisco ios 15.3\\(3\\)jn8

cisco ios 15.2\\(5\\)ea

cisco ios 15.3\\(3\\)jpb1

cisco ios 15.2\\(2\\)eb

cisco ios xe 3.7.5e

cisco ios 15.3\\(3\\)jnp1

cisco ios 15.2\\(3\\)ea

cisco ios 15.2\\(2\\)e4

cisco ios 15.3\\(3\\)jc3

cisco ios 15.2\\(5\\)e2

cisco ios 15.3\\(3\\)jnd

cisco ios 15.2\\(1\\)ey

cisco ios 15.3\\(3\\)jax2

cisco ios 15.2\\(2\\)e5

cisco ios 15.3\\(3\\)jd

cisco ios 15.2\\(2a\\)e2

cisco ios xe 3.3.2xo

cisco ios 15.2\\(4\\)ec2

cisco ios 15.2\\(2\\)e5a

cisco ios 15.3\\(3\\)jnc2

cisco ios 15.3\\(3\\)jnp3

cisco ios 15.2\\(3\\)e1

cisco ios 15.0\\(1\\)ey1

cisco ios 15.0\\(1\\)ey2

cisco ios 15.3\\(3\\)jbb

cisco ios 15.3\\(3\\)jc4

cisco ios xe 3.3.0xo

cisco ios 15.3\\(3\\)jbb4

cisco ios 15.3\\(3\\)jc1

cisco ios 15.3\\(3\\)jnb4

cisco ios 15.3\\(3\\)jpc2

cisco ios 15.3\\(3\\)jn4

cisco ios 15.3\\(3\\)ja5

cisco ios 15.2\\(2\\)e7

cisco ios 15.3\\(3\\)jbb8

cisco ios 15.3\\(3\\)ja7

cisco ios 15.2\\(5\\)e1

cisco ios 15.2\\(5\\)e

cisco ios 15.2\\(2\\)ea3

cisco ios 15.3\\(3\\)ja4

cisco ios 15.3\\(3\\)jn7

cisco ios 15.3\\(3\\)jax1

cisco ios 15.3\\(3\\)jbb1

cisco ios 15.3\\(3\\)jnb1

cisco ios 15.3\\(3\\)jc5

cisco ios 15.3\\(3\\)jnb6

cisco ios 15.3\\(3\\)jd3

cisco ios 15.2\\(5\\)e2b

cisco ios 15.3\\(3\\)jc6

cisco ios 15.3\\(3\\)jnc4

cisco ios 15.2\\(4\\)ea5

cisco ios 15.3\\(3\\)ja11

cisco ios 15.3\\(3\\)jpc3

cisco ios 15.3\\(3\\)jnd3

cisco ios 15.3\\(3\\)jnd1

cisco ios 15.3\\(3\\)jd4

cisco ios 15.3\\(3\\)jnd2

cisco ios 15.3\\(3\\)jpd

cisco ios 15.3\\(3\\)je

cisco ios 15.3\\(3\\)jd7

cisco ios 15.3\\(3\\)jf1

cisco ios 15.2\\(5\\)e2c

cisco ios xe 16.9.1

cisco ios 15.2\\(2b\\)e

cisco ios 15.2\\(2\\)ea

cisco ios 15.2\\(4\\)ea6

cisco ios 15.2\\(4\\)ea2

cisco ios 15.2\\(4\\)e5a

cisco ios 15.2\\(4\\)ea9

cisco ios 15.2\\(2\\)e7b

cisco ios 15.2\\(6\\)e1

cisco ios 15.2\\(6\\)e

cisco ios 15.2\\(4\\)ea8

cisco ios 15.2\\(6\\)e0c

cisco ios 15.2\\(2\\)e8

cisco ios 15.2\\(6\\)e0a

cisco ios 15.2\\(6\\)e1a

cisco ios 15.2\\(6\\)e1s

cisco ios xe 16.9.1d

cisco ios 15.3\\(3\\)jd9

cisco ios 15.3\\(3\\)jd11

cisco ios 15.3\\(3\\)jf8

cisco ios 15.3\\(3\\)jf7

cisco ios 15.3\\(3\\)jh

cisco ios 15.2\\(2\\)e10

cisco ios 15.3\\(3\\)jd12

cisco ios 15.3\\(3\\)jf9

cisco ios 15.3\\(3\\)jd13

cisco ios 15.2\\(2\\)e9

cisco ios 15.3\\(3\\)jd6

cisco ios 15.3\\(3\\)jd8

cisco ios 15.3\\(3\\)jd16

cisco ios 15.3\\(3\\)jh1

cisco ios 15.3\\(3\\)jd5

cisco ios 15.3\\(3\\)jg1

cisco ios 15.3\\(3\\)jd14

cisco ios 15.3\\(3\\)jf5

cisco ios 15.3\\(3\\)jg

cisco ios 15.3\\(3\\)jc14

cisco ios 15.3\\(3\\)jc9

cisco ios 15.3\\(3\\)jc8

cisco ios 15.3\\(3\\)ji1

cisco ios 15.3\\(3\\)jf

cisco ios 15.3\\(3\\)jf6

cisco ios 15.2\\(4\\)ea7

cisco ios 15.3\\(3\\)jf4

cisco ios 15.3\\(3\\)jf2

cisco ios xe 16.10.1

cisco ios 15.3\\(3\\)jn11

cisco ios 15.3\\(3\\)ja12

cisco ios 15.3\\(3\\)jn14

cisco ios 15.3\\(3\\)jn13

cisco ios 15.3\\(3\\)jn15

cisco ios 15.3\\(3\\)jpc5

cisco ios 15.3\\(3\\)jn6

cisco ios 15.2\\(4\\)jaz

cisco ios 15.3\\(3\\)jnb5

cisco ios xe 16.12.1

cisco ios xe 16.11.1

cisco ios xe 17.1.1

cisco ios xe 16.11.1a

cisco ios xe 16.12.1c

cisco ios xe 16.11.2

cisco ios xe 16.12.1s

cisco ios xe 16.11.1c

cisco ios xe 16.11.1s

cisco ios xe 16.10.1e

cisco ios xe 16.12.2

cisco ios 15.2\\(7a\\)e0b

cisco ios 15.2\\(7\\)e0b

cisco ios 15.1\\(3\\)svs

cisco ios xe 16.12.4

cisco ios 15.2\\(7b\\)e0b

cisco ios 15.2\\(4\\)ea9a

cisco ios 15.3\\(3\\)jj

cisco ios 15.3\\(3\\)jk

cisco ios 15.3\\(3\\)jj1

cisco ios 15.2\\(4\\)ea10

cisco ios 15.3\\(3\\)jf11

cisco ios 15.3\\(3\\)ji5

cisco ios 15.3\\(3\\)ji3

cisco ios 15.3\\(3\\)ji4

cisco ios 15.3\\(3\\)jd17

cisco ios 15.3\\(3\\)jk1

cisco ios 15.3\\(3\\)jf10

cisco ios 15.3\\(3\\)jf12

cisco ios 15.3\\(3\\)jk3

cisco ios 15.3\\(3\\)jk1t

cisco ios 15.3\\(3\\)jk2a

cisco ios 15.3\\(3\\)jf13

cisco ios xe 16.12.3

cisco ios xe 17.2.1

cisco ios xe 17.1.1s

cisco ios xe 16.12.2t

cisco ios xe 16.12.2s

cisco ios xe 17.1.1t

cisco ios xe 16.12.3s

cisco ios xe 17.1.2

cisco ios 15.3\\(3\\)jk4

cisco ios 15.3\\(3\\)ji6

cisco ios 15.3\\(3\\)jk2

cisco ios 15.3\\(3\\)jf12i

cisco ios 15.1\\(3\\)svt1

Vendor Advisories

Cisco: Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user This vulnerability exists because incorrect permissions are associated with the show cip se ...

References

CWE-522https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-SAP-OPLbze68https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-SAP-OPLbze68
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgeryCVE-2024-34351CVE-2024-1076CVE-2024-25522CVE-2024-34547CVE-2024-4644unauthorizedremoteCVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook