CVE-2021-1529

7.8

HIGH

Cisco IOS XE SD-WAN Arbitrary Command Execution Vulnerability

Description

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

INFO

Published Date :

Oct. 21, 2021, 3:15 a.m.

Last Modified :

Nov. 21, 2024, 5:44 a.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8

Affected Products

The following products are affected by CVE-2021-1529 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Cisco	ios_xe
2	Cisco	sd-wan
3	Cisco	catalyst_8500
4	Cisco	catalyst_8510csr
5	Cisco	catalyst_8510msr
6	Cisco	catalyst_8540csr
7	Cisco	catalyst_8540msr
8	Cisco	ios_xe_sd-wan
9	Cisco	asr_1001
10	Cisco	asr_1002
11	Cisco	asr_1002-x
12	Cisco	asr_1002_fixed_router
13	Cisco	asr_1004
14	Cisco	asr_1006
15	Cisco	asr_1013
16	Cisco	1100-4g\/6g_integrated_services_router
17	Cisco	1100-4p_integrated_services_router
18	Cisco	1100-8p_integrated_services_router
19	Cisco	1100_integrated_services_router
20	Cisco	1101-4p_integrated_services_router
21	Cisco	1101_integrated_services_router
22	Cisco	1109-2p_integrated_services_router
23	Cisco	1109-4p_integrated_services_router
24	Cisco	1109_integrated_services_router
25	Cisco	1111x-8p_integrated_services_router
26	Cisco	111x_integrated_services_router
27	Cisco	1120_integrated_services_router
28	Cisco	1160_integrated_services_router
29	Cisco	4000_integrated_services_router
30	Cisco	4221_integrated_services_router
31	Cisco	asr_1000
32	Cisco	asr_1000-esp100
33	Cisco	asr_1001-hx
34	Cisco	asr_1001-hx_r
35	Cisco	asr_1001-x
36	Cisco	asr_1001-x_r
37	Cisco	asr_1002-hx
38	Cisco	asr_1002-hx_r
39	Cisco	asr_1002-x_r
40	Cisco	asr_1006-x
41	Cisco	asr_1009-x
42	Cisco	asr_1023
43	Cisco	catalyst_8300-1n1s-4t2x
44	Cisco	catalyst_8300-1n1s-6t
45	Cisco	catalyst_8300-2n2s-4t2x
46	Cisco	catalyst_8300-2n2s-6t
47	Cisco	catalyst_8500l
48	Cisco	1000_integrated_services_router
49	Cisco	1111x_integrated_services_router
50	Cisco	4321_integrated_services_router
51	Cisco	4331_integrated_services_router
52	Cisco	4351_integrated_services_router
53	Cisco	4431_integrated_services_router
54	Cisco	4451-x_integrated_services_router
55	Cisco	4451_integrated_services_router
56	Cisco	4461_integrated_services_router
57	Cisco	asr_1000-x
58	Cisco	csr_1000v

: Total Affected Vendor : 1 | Products : 58

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-1529.

URL	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-1529 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-1529 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	Old Value	New Value
Added	Reference		https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

CVE Modified by [email protected]

Nov. 07, 2023

Action	Type	Old Value	New Value
Removed	CVSS V3	Cisco Systems, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added	CVSS V3.1		Cisco Systems, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_4331:-:::::::	OR cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_4000:-:::::::	OR cpe:2.3:h:cisco:4000_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_4321:-:::::::	OR cpe:2.3:h:cisco:4321_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_4351:-:::::::	OR cpe:2.3:h:cisco:4351_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1111x-8p:-:::::::	OR cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1100-8p:-:::::::	OR cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1100-4p:-:::::::	OR cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1101-4p:-:::::::	OR cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1109-4p:-:::::::	OR cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1109-2p:-:::::::	OR cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_4431:-:::::::	OR cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1100:-:::::::	OR cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1101:-:::::::	OR cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1109:-:::::::	OR cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_111x:-:::::::	OR cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1111x:-:::::::	OR cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1120:-:::::::	OR cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1160:-:::::::	OR cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_4451-x:-:::::::	OR cpe:2.3:h:cisco:4451-x_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_4451:-:::::::	OR cpe:2.3:h:cisco:4451_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1100-4g/6g:-:::::::	OR cpe:2.3:h:cisco:1100-4g/6g_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_4461:-:::::::	OR cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_1000:-:::::::	OR cpe:2.3:h:cisco:1000_integrated_services_router:-:::::::

CPE Deprecation Remap by [email protected]

May. 22, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:h:cisco:isr_4221:-:::::::	OR cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::

Reanalysis by [email protected]

Nov. 23, 2021

Action	Type	Old Value	New Value
Changed	CPE Configuration	AND OR cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 16.12 up to (including) 17.0 cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 17.2 up to (excluding) 17.2.3 cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 17.3 up to (excluding) 17.3.4 cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 17.4 up to (excluding) 17.4.2 cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 17.5 up to (excluding) 17.5.1a cpe:2.3:a:cisco:ios_xe:17.6.0::::::: OR cpe:2.3:h:cisco:asr_1000:-:::::::* cpe:2.3:h:cisco:asr_1000-esp100:-:::::::* cpe:2.3:h:cisco:asr_1000-x:-:::::::* cpe:2.3:h:cisco:asr_1001:-:::::::* cpe:2.3:h:cisco:asr_1001-hx:-:::::::* cpe:2.3:h:cisco:asr_1001-hx_r:-:::::::* cpe:2.3:h:cisco:asr_1001-x:-:::::::* cpe:2.3:h:cisco:asr_1001-x_r:-:::::::* cpe:2.3:h:cisco:asr_1002:-:::::::* cpe:2.3:h:cisco:asr_1002-hx:-:::::::* cpe:2.3:h:cisco:asr_1002-hx_r:-:::::::* cpe:2.3:h:cisco:asr_1002-x:-:::::::* cpe:2.3:h:cisco:asr_1002-x_r:-:::::::* cpe:2.3:h:cisco:asr_1004:-:::::::* cpe:2.3:h:cisco:asr_1006:-:::::::* cpe:2.3:h:cisco:asr_1006-x:-:::::::* cpe:2.3:h:cisco:asr_1009-x:-:::::::* cpe:2.3:h:cisco:asr_1013:-:::::::* cpe:2.3:h:cisco:asr_1023:-:::::::* cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:::::::* cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:::::::* cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:::::::* cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:::::::* cpe:2.3:h:cisco:catalyst_8500:-:::::::* cpe:2.3:h:cisco:catalyst_8500l:-:::::::* cpe:2.3:h:cisco:catalyst_8510csr:-:::::::* cpe:2.3:h:cisco:catalyst_8510msr:-:::::::* cpe:2.3:h:cisco:catalyst_8540csr:-:::::::* cpe:2.3:h:cisco:catalyst_8540msr:-:::::::* cpe:2.3:h:cisco:csr_1000v:-:::::::* cpe:2.3:h:cisco:isr_1000:-:::::::* cpe:2.3:h:cisco:isr_1100:-:::::::* cpe:2.3:h:cisco:isr_1100-4g\/6g:-:::::::* cpe:2.3:h:cisco:isr_1100-4p:-:::::::* cpe:2.3:h:cisco:isr_1100-8p:-:::::::* cpe:2.3:h:cisco:isr_1101:-:::::::* cpe:2.3:h:cisco:isr_1101-4p:-:::::::* cpe:2.3:h:cisco:isr_1109:-:::::::* cpe:2.3:h:cisco:isr_1109-2p:-:::::::* cpe:2.3:h:cisco:isr_1109-4p:-:::::::* cpe:2.3:h:cisco:isr_1111x:-:::::::* cpe:2.3:h:cisco:isr_1111x-8p:-:::::::* cpe:2.3:h:cisco:isr_111x:-:::::::* cpe:2.3:h:cisco:isr_1120:-:::::::* cpe:2.3:h:cisco:isr_1160:-:::::::* cpe:2.3:h:cisco:isr_4000:-:::::::* cpe:2.3:h:cisco:isr_4221:-:::::::* cpe:2.3:h:cisco:isr_4321:-:::::::* cpe:2.3:h:cisco:isr_4331:-:::::::* cpe:2.3:h:cisco:isr_4351:-:::::::* cpe:2.3:h:cisco:isr_4431:-:::::::* cpe:2.3:h:cisco:isr_4451:-:::::::* cpe:2.3:h:cisco:isr_4451-x:-:::::::* cpe:2.3:h:cisco:isr_4461:-:::::::*	AND OR cpe:2.3:o:cisco:ios_xe::::::::* versions from (including) 16.12 up to (including) 17.0 cpe:2.3:o:cisco:ios_xe::::::::* versions from (including) 17.2 up to (excluding) 17.2.3 cpe:2.3:o:cisco:ios_xe::::::::* versions from (including) 17.3 up to (excluding) 17.3.4 cpe:2.3:o:cisco:ios_xe::::::::* versions from (including) 17.4 up to (excluding) 17.4.2 cpe:2.3:o:cisco:ios_xe::::::::* versions from (including) 17.5 up to (excluding) 17.5.1a cpe:2.3:o:cisco:ios_xe:17.6.0::::::: OR cpe:2.3:h:cisco:asr_1000:-:::::::* cpe:2.3:h:cisco:asr_1000-esp100:-:::::::* cpe:2.3:h:cisco:asr_1000-x:-:::::::* cpe:2.3:h:cisco:asr_1001:-:::::::* cpe:2.3:h:cisco:asr_1001-hx:-:::::::* cpe:2.3:h:cisco:asr_1001-hx_r:-:::::::* cpe:2.3:h:cisco:asr_1001-x:-:::::::* cpe:2.3:h:cisco:asr_1001-x_r:-:::::::* cpe:2.3:h:cisco:asr_1002:-:::::::* cpe:2.3:h:cisco:asr_1002-hx:-:::::::* cpe:2.3:h:cisco:asr_1002-hx_r:-:::::::* cpe:2.3:h:cisco:asr_1002-x:-:::::::* cpe:2.3:h:cisco:asr_1002-x_r:-:::::::* cpe:2.3:h:cisco:asr_1004:-:::::::* cpe:2.3:h:cisco:asr_1006:-:::::::* cpe:2.3:h:cisco:asr_1006-x:-:::::::* cpe:2.3:h:cisco:asr_1009-x:-:::::::* cpe:2.3:h:cisco:asr_1013:-:::::::* cpe:2.3:h:cisco:asr_1023:-:::::::* cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:::::::* cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:::::::* cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:::::::* cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:::::::* cpe:2.3:h:cisco:catalyst_8500:-:::::::* cpe:2.3:h:cisco:catalyst_8500l:-:::::::* cpe:2.3:h:cisco:catalyst_8510csr:-:::::::* cpe:2.3:h:cisco:catalyst_8510msr:-:::::::* cpe:2.3:h:cisco:catalyst_8540csr:-:::::::* cpe:2.3:h:cisco:catalyst_8540msr:-:::::::* cpe:2.3:h:cisco:csr_1000v:-:::::::* cpe:2.3:h:cisco:isr_1000:-:::::::* cpe:2.3:h:cisco:isr_1100:-:::::::* cpe:2.3:h:cisco:isr_1100-4g\/6g:-:::::::* cpe:2.3:h:cisco:isr_1100-4p:-:::::::* cpe:2.3:h:cisco:isr_1100-8p:-:::::::* cpe:2.3:h:cisco:isr_1101:-:::::::* cpe:2.3:h:cisco:isr_1101-4p:-:::::::* cpe:2.3:h:cisco:isr_1109:-:::::::* cpe:2.3:h:cisco:isr_1109-2p:-:::::::* cpe:2.3:h:cisco:isr_1109-4p:-:::::::* cpe:2.3:h:cisco:isr_1111x:-:::::::* cpe:2.3:h:cisco:isr_1111x-8p:-:::::::* cpe:2.3:h:cisco:isr_111x:-:::::::* cpe:2.3:h:cisco:isr_1120:-:::::::* cpe:2.3:h:cisco:isr_1160:-:::::::* cpe:2.3:h:cisco:isr_4000:-:::::::* cpe:2.3:h:cisco:isr_4221:-:::::::* cpe:2.3:h:cisco:isr_4321:-:::::::* cpe:2.3:h:cisco:isr_4331:-:::::::* cpe:2.3:h:cisco:isr_4351:-:::::::* cpe:2.3:h:cisco:isr_4431:-:::::::* cpe:2.3:h:cisco:isr_4451:-:::::::* cpe:2.3:h:cisco:isr_4451-x:-:::::::* cpe:2.3:h:cisco:isr_4461:-:::::::*

Initial Analysis by [email protected]

Oct. 26, 2021

Action	Type	Old Value	New Value
Added	CVSS V2 Metadata		Obtain Admin/Root Access
Added	CVSS V2		NIST (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A No Types Assigned	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A Vendor Advisory
Added	CWE		NIST CWE-78
Added	CPE Configuration		AND OR cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 16.12 up to (including) 17.0 cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 17.2 up to (excluding) 17.2.3 cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 17.3 up to (excluding) 17.3.4 cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 17.4 up to (excluding) 17.4.2 cpe:2.3:a:cisco:ios_xe::::::::* versions from (including) 17.5 up to (excluding) 17.5.1a cpe:2.3:a:cisco:ios_xe:17.6.0::::::: OR cpe:2.3:h:cisco:asr_1000:-:::::::* cpe:2.3:h:cisco:asr_1000-esp100:-:::::::* cpe:2.3:h:cisco:asr_1000-x:-:::::::* cpe:2.3:h:cisco:asr_1001:-:::::::* cpe:2.3:h:cisco:asr_1001-hx:-:::::::* cpe:2.3:h:cisco:asr_1001-hx_r:-:::::::* cpe:2.3:h:cisco:asr_1001-x:-:::::::* cpe:2.3:h:cisco:asr_1001-x_r:-:::::::* cpe:2.3:h:cisco:asr_1002:-:::::::* cpe:2.3:h:cisco:asr_1002-hx:-:::::::* cpe:2.3:h:cisco:asr_1002-hx_r:-:::::::* cpe:2.3:h:cisco:asr_1002-x:-:::::::* cpe:2.3:h:cisco:asr_1002-x_r:-:::::::* cpe:2.3:h:cisco:asr_1004:-:::::::* cpe:2.3:h:cisco:asr_1006:-:::::::* cpe:2.3:h:cisco:asr_1006-x:-:::::::* cpe:2.3:h:cisco:asr_1009-x:-:::::::* cpe:2.3:h:cisco:asr_1013:-:::::::* cpe:2.3:h:cisco:asr_1023:-:::::::* cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:::::::* cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:::::::* cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:::::::* cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:::::::* cpe:2.3:h:cisco:catalyst_8500:-:::::::* cpe:2.3:h:cisco:catalyst_8500l:-:::::::* cpe:2.3:h:cisco:catalyst_8510csr:-:::::::* cpe:2.3:h:cisco:catalyst_8510msr:-:::::::* cpe:2.3:h:cisco:catalyst_8540csr:-:::::::* cpe:2.3:h:cisco:catalyst_8540msr:-:::::::* cpe:2.3:h:cisco:csr_1000v:-:::::::* cpe:2.3:h:cisco:isr_1000:-:::::::* cpe:2.3:h:cisco:isr_1100:-:::::::* cpe:2.3:h:cisco:isr_1100-4g\/6g:-:::::::* cpe:2.3:h:cisco:isr_1100-4p:-:::::::* cpe:2.3:h:cisco:isr_1100-8p:-:::::::* cpe:2.3:h:cisco:isr_1101:-:::::::* cpe:2.3:h:cisco:isr_1101-4p:-:::::::* cpe:2.3:h:cisco:isr_1109:-:::::::* cpe:2.3:h:cisco:isr_1109-2p:-:::::::* cpe:2.3:h:cisco:isr_1109-4p:-:::::::* cpe:2.3:h:cisco:isr_1111x:-:::::::* cpe:2.3:h:cisco:isr_1111x-8p:-:::::::* cpe:2.3:h:cisco:isr_111x:-:::::::* cpe:2.3:h:cisco:isr_1120:-:::::::* cpe:2.3:h:cisco:isr_1160:-:::::::* cpe:2.3:h:cisco:isr_4000:-:::::::* cpe:2.3:h:cisco:isr_4221:-:::::::* cpe:2.3:h:cisco:isr_4321:-:::::::* cpe:2.3:h:cisco:isr_4331:-:::::::* cpe:2.3:h:cisco:isr_4351:-:::::::* cpe:2.3:h:cisco:isr_4431:-:::::::* cpe:2.3:h:cisco:isr_4451:-:::::::* cpe:2.3:h:cisco:isr_4451-x:-:::::::* cpe:2.3:h:cisco:isr_4461:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:ios_xe_sd-wan::::::::* versions from (including) 17.2.1r OR cpe:2.3:h:cisco:asr_1000:-:::::::* cpe:2.3:h:cisco:asr_1000-esp100:-:::::::* cpe:2.3:h:cisco:asr_1000-x:-:::::::* cpe:2.3:h:cisco:asr_1001:-:::::::* cpe:2.3:h:cisco:asr_1001-hx:-:::::::* cpe:2.3:h:cisco:asr_1001-hx_r:-:::::::* cpe:2.3:h:cisco:asr_1001-x:-:::::::* cpe:2.3:h:cisco:asr_1001-x_r:-:::::::* cpe:2.3:h:cisco:asr_1002:-:::::::* cpe:2.3:h:cisco:asr_1002-hx:-:::::::* cpe:2.3:h:cisco:asr_1002-hx_r:-:::::::* cpe:2.3:h:cisco:asr_1002-x:-:::::::* cpe:2.3:h:cisco:asr_1002-x_r:-:::::::* cpe:2.3:h:cisco:asr_1002_fixed_router:-:::::::* cpe:2.3:h:cisco:asr_1004:-:::::::* cpe:2.3:h:cisco:asr_1006:-:::::::* cpe:2.3:h:cisco:asr_1006-x:-:::::::* cpe:2.3:h:cisco:asr_1009-x:-:::::::* cpe:2.3:h:cisco:asr_1013:-:::::::* cpe:2.3:h:cisco:asr_1023:-:::::::* cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:::::::* cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:::::::* cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:::::::* cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:::::::* cpe:2.3:h:cisco:catalyst_8500:-:::::::* cpe:2.3:h:cisco:catalyst_8500l:-:::::::* cpe:2.3:h:cisco:catalyst_8510csr:-:::::::* cpe:2.3:h:cisco:catalyst_8510msr:-:::::::* cpe:2.3:h:cisco:catalyst_8540csr:-:::::::* cpe:2.3:h:cisco:catalyst_8540msr:-:::::::* cpe:2.3:h:cisco:csr_1000v:-:::::::* cpe:2.3:h:cisco:isr_1100:-:::::::* cpe:2.3:h:cisco:isr_1100-4g\/6g:-:::::::* cpe:2.3:h:cisco:isr_1100-4p:-:::::::* cpe:2.3:h:cisco:isr_1100-8p:-:::::::* cpe:2.3:h:cisco:isr_1101:-:::::::* cpe:2.3:h:cisco:isr_1101-4p:-:::::::* cpe:2.3:h:cisco:isr_1109:-:::::::* cpe:2.3:h:cisco:isr_1109-2p:-:::::::* cpe:2.3:h:cisco:isr_1109-4p:-:::::::* cpe:2.3:h:cisco:isr_1111x:-:::::::* cpe:2.3:h:cisco:isr_1111x-8p:-:::::::* cpe:2.3:h:cisco:isr_111x:-:::::::* cpe:2.3:h:cisco:isr_1120:-:::::::* cpe:2.3:h:cisco:isr_1160:-:::::::* cpe:2.3:h:cisco:isr_4000:-:::::::* cpe:2.3:h:cisco:isr_4221:-:::::::* cpe:2.3:h:cisco:isr_4321:-:::::::* cpe:2.3:h:cisco:isr_4331:-:::::::* cpe:2.3:h:cisco:isr_4351:-:::::::* cpe:2.3:h:cisco:isr_4431:-:::::::* cpe:2.3:h:cisco:isr_4451:-:::::::* cpe:2.3:h:cisco:isr_4451-x:-:::::::* cpe:2.3:h:cisco:isr_4461:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-1529 is associated with the following CWEs:

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-1529 weaknesses.

CAPEC-6: Argument Injection Argument Injection CAPEC-15: Command Delimiters Command Delimiters CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-88: OS Command Injection OS Command Injection CAPEC-108: Command Line Execution through SQL Injection Command Line Execution through SQL Injection

CVE-2021-1529

Cisco IOS XE SD-WAN Arbitrary Command Execution Vulnerability

Description

INFO

Oct. 21, 2021, 3:15 a.m.

Nov. 21, 2024, 5:44 a.m.

[email protected]

No

5.9

1.8

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by [email protected]

CVE Modified by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

Reanalysis by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.04 }} 0.00%

0.05784

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable