CVE-2021-1434: Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability

First published: Wed Mar 24 2021(Updated: )

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.

Credit: ykramarz@cisco.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/softwarecombine
• agent/type
• collector/mitre-cve
• source/MITRE
• agent/references
• agent/weakness
• agent/title
• agent/last-modified-date
• agent/severity
• agent/tags
• agent/author
• agent/description
• agent/first-publish-date
• agent/event
• vendor/cisco
• canonical/cisco ios xe
• version/cisco ios xe/16.11.1
• version/cisco ios xe/16.11.1a
• version/cisco ios xe/16.11.1b
• version/cisco ios xe/16.11.1c
• version/cisco ios xe/16.11.1s
• version/cisco ios xe/16.11.2
• version/cisco ios xe/16.12.1
• version/cisco ios xe/16.12.1a
• version/cisco ios xe/16.12.1c
• version/cisco ios xe/16.12.1s
• version/cisco ios xe/16.12.1t
• version/cisco ios xe/16.12.1w
• version/cisco ios xe/16.12.1x
• version/cisco ios xe/16.12.1y
• version/cisco ios xe/16.12.1z
• version/cisco ios xe/16.12.1za
• version/cisco ios xe/16.12.2
• version/cisco ios xe/16.12.2a
• version/cisco ios xe/16.12.2s
• version/cisco ios xe/16.12.2t
• version/cisco ios xe/16.12.3
• version/cisco ios xe/16.12.3a
• version/cisco ios xe/16.12.3s
• version/cisco ios xe/17.2.1
• version/cisco ios xe/17.2.1a
• version/cisco ios xe/17.2.1r
• version/cisco ios xe/17.2.1v