Main Vulnerability Database Vulnerabilities #VU51762

Improper Verification of Cryptographic Signature in Cisco Systems, Inc products - CVE-2021-1376

Published: March 29, 2021

Vulnerability identifier: #VU51762

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-1376

CWE-ID: CWE-347

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE
Cisco Catalyst 3850 Series Switches
Cisco Catalyst 9300 Series Switches
Cisco Catalyst 9300L Series Switches

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists in the fast reload feature due to an improper check on the area of code that manages the verification of boot configuration files during the initial fast reload boot process. A local administrator can execute arbitrary code on the underlying operating system.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fast-Zqr6DD5

Improper Verification of Cryptographic Signature in Cisco Systems, Inc products - CVE-2021-1376

Description

Remediation

External links

Please verify you're human