#VU50302 Information disclosure in Cisco IOS XR - CVE-2021-1128
Published: February 3, 2021
Vulnerability identifier: #VU50302
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1128
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XR
Cisco IOS XR
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in the CLI parser of Cisco IOS XR Software due to insufficient application of restrictions during the execution of a specific command. A local user can gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.