#VU51731 Path traversal in Cisco Systems, Inc products - CVE-2021-1385
Published: March 25, 2021
Vulnerability identifier: #VU51731
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1385
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
809 Industrial Integrated Services Routers
829 Industrial Integrated Services Routers
CGR 1000 Compute Module
IC3000 Industrial Compute Gateway
Cisco IOS XE
Cisco IOS
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists because the affected device does not properly validate URIs in IOx API requests. A remote administrator can send a specially crafted HTTP request and read or write arbitrary files on the underlying operating system.
Remediation
Install the update from the vendor's website.