SB2021020335 - Local information disclosure in Cisco IOS XR
Published: February 3, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Information disclosure (CVE-ID: CVE-2021-1128)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in the CLI parser of Cisco IOS XR Software due to insufficient application of restrictions during the execution of a specific command. A local user can gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.