Information disclosure in Cisco IOS XR - CVE-2021-1128
Published: February 3, 2021
Vulnerability identifier: #VU50302
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1128
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS XR
Cisco IOS XR
Detailed vulnerability description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in the CLI parser of Cisco IOS XR Software due to insufficient application of restrictions during the execution of a specific command. A local user can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2021-1128
Install updates from vendor's website.