CVE-2021-1128
MEDIUMCisco IOS XR - Authenticated Information Disclosure via CLI Command
Title source: llmDescription
A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt
Scores
CVSS v3
5.5
EPSS
0.0007
EPSS Percentile
21.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-201
Status
published
Products (3)
cisco/ios_xr
7.2.0
cisco/ios_xr
7.3.0
cisco/ios_xr
< 7.1.2
Published
Feb 04, 2021
Tracked Since
Feb 18, 2026