Vulnerability Details : CVE-2021-1376

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.
Published 2021-03-24 21:15:12
Updated 2021-03-30 14:34:54
Source Cisco Systems, Inc.
View at NVD,   CVE.org
Vulnerability category: Execute code

Products affected by CVE-2021-1376

Exploit prediction scoring system (EPSS) score for CVE-2021-1376

EPSS FAQ
0.03%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 4 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-1376

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.2
 HIGH AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
 NIST
6.7
 MEDIUM CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.8
5.9
 Cisco Systems, Inc.
6.7
 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.8
5.9
 NIST

CWE ids for CVE-2021-1376

References for CVE-2021-1376

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close