CVE-2021-1392

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device.

Published: Mar 24, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-1392
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
cisco / ios	15.2(4)ea	15.2(4)ea.x
cisco / ios	15.3(3)jnb3	15.3(3)jnb3.x
cisco / ios_xe	3.6.5be	3.6.5be.x
cisco / ios	15.2(2)e5b	15.2(2)e5b.x
cisco / ios	15.0(1)ey	15.0(1)ey.x
cisco / ios	15.3(3)jn	15.3(3)jn.x
cisco / ios	15.3(3)jb	15.3(3)jb.x
cisco / ios	15.3(3)jnb2	15.3(3)jnb2.x
cisco / ios_xe	3.7.4e	3.7.4e.x
cisco / ios	15.3(3)jpc	15.3(3)jpc.x
cisco / ios	15.2(3)e2	15.2(3)e2.x
cisco / ios	15.3(3)jc2	15.3(3)jc2.x
cisco / ios	15.3(3)jaa	15.3(3)jaa.x
cisco / ios	15.2(4)ea4	15.2(4)ea4.x
cisco / ios	15.2(2)e3	15.2(2)e3.x
cisco / ios	15.2(3)e4	15.2(3)e4.x
cisco / ios	15.2(4)ec1	15.2(4)ec1.x
cisco / ios	15.3(3)jbb2	15.3(3)jbb2.x
cisco / ios	15.3(3)jc	15.3(3)jc.x
cisco / ios	15.2(2)e6	15.2(2)e6.x
cisco / ios	15.3(3)ja10	15.3(3)ja10.x
cisco / ios	15.2(2)ea2	15.2(2)ea2.x
cisco / ios	15.3(3)jnc1	15.3(3)jnc1.x
cisco / ios	15.3(3)jbb5	15.3(3)jbb5.x
cisco / ios	15.3(3)jnp	15.3(3)jnp.x
cisco / ios	15.3(3)jbb6a	15.3(3)jbb6a.x
cisco / ios	15.2(3)e5	15.2(3)e5.x
cisco / ios	15.2(2)ea1	15.2(2)ea1.x
cisco / ios	15.2(5a)e1	15.2(5a)e1.x
cisco / ios	15.3(3)jax	15.3(3)jax.x
cisco / ios	15.3(3)jd2	15.3(3)jd2.x
cisco / ios	15.3(3)jn3	15.3(3)jn3.x
cisco / ios	15.3(3)ja1	15.3(3)ja1.x
cisco / ios	15.2(2)e2	15.2(2)e2.x
cisco / ios	15.2(3)e3	15.2(3)e3.x
cisco / ios	15.3(3)jnc	15.3(3)jnc.x
cisco / ios	15.3(3)jnc3	15.3(3)jnc3.x
cisco / ios	15.3(3)jbb6	15.3(3)jbb6.x
cisco / ios	15.3(3)ja8	15.3(3)ja8.x
cisco / ios	15.3(3)ja6	15.3(3)ja6.x
cisco / ios	15.2(2)e1	15.2(2)e1.x
cisco / ios	15.3(3)jn9	15.3(3)jn9.x
cisco / ios	15.3(3)jpb	15.3(3)jpb.x
cisco / ios	15.3(3)jpc1	15.3(3)jpc1.x
cisco / ios	15.2(4)ea1	15.2(4)ea1.x
cisco / ios	15.3(3)jnb	15.3(3)jnb.x
cisco / ios	15.2(2)e	15.2(2)e.x
cisco / ios	15.2(4)ea3	15.2(4)ea3.x
cisco / ios_xe	3.3.1xo	3.3.1xo.x
cisco / ios	15.2(2)eb2	15.2(2)eb2.x
cisco / ios	15.2(2)eb1	15.2(2)eb1.x
cisco / ios	15.3(3)jn8	15.3(3)jn8.x
cisco / ios	15.2(5)ea	15.2(5)ea.x
cisco / ios	15.3(3)jpb1	15.3(3)jpb1.x
cisco / ios	15.2(2)eb	15.2(2)eb.x
cisco / ios_xe	3.7.5e	3.7.5e.x
cisco / ios	15.3(3)jnp1	15.3(3)jnp1.x
cisco / ios	15.2(3)ea	15.2(3)ea.x
cisco / ios	15.2(2)e4	15.2(2)e4.x
cisco / ios	15.3(3)jc3	15.3(3)jc3.x
cisco / ios	15.2(5)e2	15.2(5)e2.x
cisco / ios	15.3(3)jnd	15.3(3)jnd.x
cisco / ios	15.2(1)ey	15.2(1)ey.x
cisco / ios	15.3(3)jax2	15.3(3)jax2.x
cisco / ios	15.2(2)e5	15.2(2)e5.x
cisco / ios	15.3(3)jd	15.3(3)jd.x
cisco / ios	15.2(2a)e2	15.2(2a)e2.x
cisco / ios_xe	3.3.2xo	3.3.2xo.x
cisco / ios	15.2(4)ec2	15.2(4)ec2.x
cisco / ios	15.2(2)e5a	15.2(2)e5a.x
cisco / ios	15.3(3)jnc2	15.3(3)jnc2.x
cisco / ios	15.3(3)jnp3	15.3(3)jnp3.x
cisco / ios	15.2(3)e1	15.2(3)e1.x
cisco / ios	15.0(1)ey1	15.0(1)ey1.x
cisco / ios	15.0(1)ey2	15.0(1)ey2.x
cisco / ios	15.3(3)jbb	15.3(3)jbb.x
cisco / ios	15.3(3)jc4	15.3(3)jc4.x
cisco / ios_xe	3.3.0xo	3.3.0xo.x
cisco / ios	15.3(3)jbb4	15.3(3)jbb4.x
cisco / ios	15.3(3)jc1	15.3(3)jc1.x
cisco / ios	15.3(3)jnb4	15.3(3)jnb4.x
cisco / ios	15.3(3)jpc2	15.3(3)jpc2.x
cisco / ios	15.3(3)jn4	15.3(3)jn4.x
cisco / ios	15.3(3)ja5	15.3(3)ja5.x
cisco / ios	15.2(2)e7	15.2(2)e7.x
cisco / ios	15.3(3)jbb8	15.3(3)jbb8.x
cisco / ios	15.3(3)ja7	15.3(3)ja7.x
cisco / ios	15.2(5)e1	15.2(5)e1.x
cisco / ios	15.2(5)e	15.2(5)e.x
cisco / ios	15.2(2)ea3	15.2(2)ea3.x
cisco / ios	15.3(3)ja4	15.3(3)ja4.x
cisco / ios	15.3(3)jn7	15.3(3)jn7.x
cisco / ios	15.3(3)jax1	15.3(3)jax1.x
cisco / ios	15.3(3)jbb1	15.3(3)jbb1.x
cisco / ios	15.3(3)jnb1	15.3(3)jnb1.x
cisco / ios	15.3(3)jc5	15.3(3)jc5.x
cisco / ios	15.3(3)jnb6	15.3(3)jnb6.x
cisco / ios	15.3(3)jd3	15.3(3)jd3.x
cisco / ios	15.2(5)e2b	15.2(5)e2b.x
cisco / ios	15.3(3)jc6	15.3(3)jc6.x
cisco / ios	15.3(3)jnc4	15.3(3)jnc4.x
cisco / ios	15.2(4)ea5	15.2(4)ea5.x
cisco / ios	15.3(3)ja11	15.3(3)ja11.x
cisco / ios	15.3(3)jpc3	15.3(3)jpc3.x
cisco / ios	15.3(3)jnd3	15.3(3)jnd3.x
cisco / ios	15.3(3)jnd1	15.3(3)jnd1.x
cisco / ios	15.3(3)jd4	15.3(3)jd4.x
cisco / ios	15.3(3)jnd2	15.3(3)jnd2.x
cisco / ios	15.3(3)jpd	15.3(3)jpd.x
cisco / ios	15.3(3)je	15.3(3)je.x
cisco / ios	15.3(3)jd7	15.3(3)jd7.x
cisco / ios	15.3(3)jf1	15.3(3)jf1.x
cisco / ios	15.2(5)e2c	15.2(5)e2c.x
cisco / ios_xe	16.9.1	16.9.1.x
cisco / ios	15.2(2b)e	15.2(2b)e.x
cisco / ios	15.2(2)ea	15.2(2)ea.x
cisco / ios	15.2(4)ea6	15.2(4)ea6.x
cisco / ios	15.2(4)ea2	15.2(4)ea2.x
cisco / ios	15.2(4)e5a	15.2(4)e5a.x
cisco / ios	15.2(4)ea9	15.2(4)ea9.x
cisco / ios	15.2(2)e7b	15.2(2)e7b.x
cisco / ios	15.2(6)e1	15.2(6)e1.x
cisco / ios	15.2(6)e	15.2(6)e.x
cisco / ios	15.2(4)ea8	15.2(4)ea8.x
cisco / ios	15.2(6)e0c	15.2(6)e0c.x
cisco / ios	15.2(2)e8	15.2(2)e8.x
cisco / ios	15.2(6)e0a	15.2(6)e0a.x
cisco / ios	15.2(6)e1a	15.2(6)e1a.x
cisco / ios	15.2(6)e1s	15.2(6)e1s.x
cisco / ios_xe	16.9.1d	16.9.1d.x
cisco / ios	15.3(3)jd9	15.3(3)jd9.x
cisco / ios	15.3(3)jd11	15.3(3)jd11.x
cisco / ios	15.3(3)jf8	15.3(3)jf8.x
cisco / ios	15.3(3)jf7	15.3(3)jf7.x
cisco / ios	15.3(3)jh	15.3(3)jh.x
cisco / ios	15.2(2)e10	15.2(2)e10.x
cisco / ios	15.3(3)jd12	15.3(3)jd12.x
cisco / ios	15.3(3)jf9	15.3(3)jf9.x
cisco / ios	15.3(3)jd13	15.3(3)jd13.x
cisco / ios	15.2(2)e9	15.2(2)e9.x
cisco / ios	15.3(3)jd6	15.3(3)jd6.x
cisco / ios	15.3(3)jd8	15.3(3)jd8.x
cisco / ios	15.3(3)jd16	15.3(3)jd16.x
cisco / ios	15.3(3)jh1	15.3(3)jh1.x
cisco / ios	15.3(3)jd5	15.3(3)jd5.x
cisco / ios	15.3(3)jg1	15.3(3)jg1.x
cisco / ios	15.3(3)jd14	15.3(3)jd14.x
cisco / ios	15.3(3)jf5	15.3(3)jf5.x
cisco / ios	15.3(3)jg	15.3(3)jg.x
cisco / ios	15.3(3)jc14	15.3(3)jc14.x
cisco / ios	15.3(3)jc9	15.3(3)jc9.x
cisco / ios	15.3(3)jc8	15.3(3)jc8.x
cisco / ios	15.3(3)ji1	15.3(3)ji1.x
cisco / ios	15.3(3)jf	15.3(3)jf.x
cisco / ios	15.3(3)jf6	15.3(3)jf6.x
cisco / ios	15.2(4)ea7	15.2(4)ea7.x
cisco / ios	15.3(3)jf4	15.3(3)jf4.x
cisco / ios	15.3(3)jf2	15.3(3)jf2.x
cisco / ios_xe	16.10.1	16.10.1.x
cisco / ios	15.3(3)jn11	15.3(3)jn11.x
cisco / ios	15.3(3)ja12	15.3(3)ja12.x
cisco / ios	15.3(3)jn14	15.3(3)jn14.x
cisco / ios	15.3(3)jn13	15.3(3)jn13.x
cisco / ios	15.3(3)jn15	15.3(3)jn15.x
cisco / ios	15.3(3)jpc5	15.3(3)jpc5.x
cisco / ios	15.3(3)jn6	15.3(3)jn6.x
cisco / ios	15.2(4)jaz	15.2(4)jaz.x
cisco / ios	15.3(3)jnb5	15.3(3)jnb5.x
cisco / ios_xe	16.12.1	16.12.1.x
cisco / ios_xe	16.11.1	16.11.1.x
cisco / ios_xe	17.1.1	17.1.1.x
cisco / ios_xe	16.11.1a	16.11.1a.x
cisco / ios_xe	16.12.1c	16.12.1c.x
cisco / ios_xe	16.11.2	16.11.2.x
cisco / ios_xe	16.12.1s	16.12.1s.x
cisco / ios_xe	16.11.1c	16.11.1c.x
cisco / ios_xe	16.11.1s	16.11.1s.x
cisco / ios_xe	16.10.1e	16.10.1e.x
cisco / ios_xe	16.12.2	16.12.2.x
cisco / ios	15.2(7a)e0b	15.2(7a)e0b.x
cisco / ios	15.2(7)e0b	15.2(7)e0b.x
cisco / ios	15.1(3)svs	15.1(3)svs.x
cisco / ios_xe	16.12.4	16.12.4.x
cisco / ios	15.2(7b)e0b	15.2(7b)e0b.x
cisco / ios	15.2(4)ea9a	15.2(4)ea9a.x
cisco / ios	15.3(3)jj	15.3(3)jj.x
cisco / ios	15.3(3)jk	15.3(3)jk.x
cisco / ios	15.3(3)jj1	15.3(3)jj1.x
cisco / ios	15.2(4)ea10	15.2(4)ea10.x
cisco / ios	15.3(3)jf11	15.3(3)jf11.x
cisco / ios	15.3(3)ji5	15.3(3)ji5.x
cisco / ios	15.3(3)ji3	15.3(3)ji3.x
cisco / ios	15.3(3)ji4	15.3(3)ji4.x
cisco / ios	15.3(3)jd17	15.3(3)jd17.x
cisco / ios	15.3(3)jk1	15.3(3)jk1.x
cisco / ios	15.3(3)jf10	15.3(3)jf10.x
cisco / ios	15.3(3)jf12	15.3(3)jf12.x
cisco / ios	15.3(3)jk3	15.3(3)jk3.x
cisco / ios	15.3(3)jk1t	15.3(3)jk1t.x
cisco / ios	15.3(3)jk2a	15.3(3)jk2a.x
cisco / ios	15.3(3)jf13	15.3(3)jf13.x
cisco / ios_xe	16.12.3	16.12.3.x
cisco / ios_xe	17.2.1	17.2.1.x
cisco / ios_xe	17.1.1s	17.1.1s.x
cisco / ios_xe	16.12.2t	16.12.2t.x
cisco / ios_xe	16.12.2s	16.12.2s.x
cisco / ios_xe	17.1.1t	17.1.1t.x
cisco / ios_xe	16.12.3s	16.12.3s.x
cisco / ios_xe	17.1.2	17.1.2.x
cisco / ios	15.3(3)jk4	15.3(3)jk4.x
cisco / ios	15.3(3)ji6	15.3(3)ji6.x
cisco / ios	15.3(3)jk2	15.3(3)jk2.x
cisco / ios	15.3(3)jf12i	15.3(3)jf12i.x
cisco / ios	15.1(3)svt1	15.1(3)svt1.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-SAP-OPLbze68

Vulnerability Database

289,599

CVE-2021-1392