Vulnerability identifier: #VU51763

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1398

CWE-ID: CWE-489

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cisco IOS XE
Operating systems & Components / Operating system
Integrated Services Virtual Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cloud Services Router 1000V Series
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to incorrect validations of specific function arguments that are passed to the boot script. An attacker with physical access can tamper with a specific file, execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco IOS XE: Amsterdam 17.1.1

Integrated Services Virtual Routers: All versions

Cloud Services Router 1000V Series: All versions

---

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe

---

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.