CVE-2021-34725

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.

Published: Sep 23, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-34725
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / ios_xe_sd-wan	-	17.2.1r.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-privesc-KSUg7QSS

Vulnerability Database

289,599

CVE-2021-34725