CVE-2021-34723
MEDIUMCisco IOS XE SD-WAN - Authenticated Arbitrary File Write via CLI Command
Title source: llmDescription
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZn
Scores
CVSS v3
6.7
EPSS
0.0006
EPSS Percentile
17.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-668
Status
published
Products (1)
cisco/ios_xe
17.3.1a
Published
Sep 23, 2021
Tracked Since
Feb 18, 2026