CVE-2021-1398

MEDIUM

Cisco IOS XE - RCE

Title source: llm

Description

A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe

Scores

CVSS v3 6.8

EPSS 0.0006

EPSS Percentile 20.0%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-489

Status published

Products (50)

cisco/ios_xe 3.7.0bs

cisco/ios_xe 3.7.0s

cisco/ios_xe 3.7.0xas

cisco/ios_xe 3.7.0xbs

cisco/ios_xe 3.7.1as

cisco/ios_xe 3.7.1s

cisco/ios_xe 3.7.2s

cisco/ios_xe 3.7.2ts

cisco/ios_xe 3.7.3s

cisco/ios_xe 3.7.4as

... and 40 more

Published Mar 24, 2021

Tracked Since Feb 18, 2026