#VU51766 Write-what-where Condition in Cisco Systems, Inc products - CVE-2021-1390
Published: March 29, 2021
Vulnerability identifier: #VU51766
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1390
CWE-ID: CWE-123
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
Cisco Catalyst IE3200 Rugged Series
Cisco Catalyst IE3300 Rugged Series
Cisco Catalyst IE3400 Rugged Series
Cisco Catalyst IE3400 Heavy Duty Series
Cisco Embedded Services 3300 Series Switches
Cisco IOS XE
Cisco Catalyst IE3200 Rugged Series
Cisco Catalyst IE3300 Rugged Series
Cisco Catalyst IE3400 Rugged Series
Cisco Catalyst IE3400 Heavy Duty Series
Cisco Embedded Services 3300 Series Switches
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the affected software permits modification of the run-time memory of an affected device under specific circumstances. A local administrator can trigger a logic error in the code that was designed to restrict run-time memory modifications and execute arbitrary code on the underlying Linux operating system.
Remediation
Install updates from vendor's website.