CVE-2021-1391

MEDIUM

Cisco IOS XE - Privilege Escalation

Title source: llm

Description

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-FSM-Yj8qJbJc

Scores

CVSS v3 5.1

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-489

Status published

Products (50)

cisco/ios 12.2\(6\)i1

cisco/ios 15.0\(2\)se13a

cisco/ios 15.1\(3\)svr1

cisco/ios 15.1\(3\)svr2

cisco/ios 15.1\(3\)svr3

cisco/ios 15.1\(3\)svs

cisco/ios 15.1\(3\)svs1

cisco/ios 15.2\(4\)ea10

cisco/ios 15.2\(5\)e

cisco/ios 15.2\(5\)e1

... and 40 more

Published Mar 24, 2021

Tracked Since Feb 18, 2026