What is the severity of CVE-2021-1436?

The severity of CVE-2021-1436 is considered high due to its potential for path traversal attacks allowing unauthorized read access to sensitive files.

How do I fix CVE-2021-1436?

To fix CVE-2021-1436, update your Cisco IOS XE SD-WAN Software to a version that includes the relevant security patches.

What are the affected versions for CVE-2021-1436?

CVE-2021-1436 affects multiple versions of Cisco IOS XE SD-WAN Software including 3.15.1xbs, 16.11.x, 16.12.x, and 17.1.x.

Who can exploit CVE-2021-1436?

CVE-2021-1436 can be exploited by authenticated local attackers who can conduct path traversal attacks.

What causes the vulnerability CVE-2021-1436?

CVE-2021-1436 is caused by insufficient validation of user-supplied input in the Command Line Interface (CLI) of the affected software.

Vulnerability/
CVE-2021-1436

medium

4.7

CWE

24/3/2021

8/11/2024

CVE-2021-1436: Cisco IOS XE SD-WAN Software Path Traversal Vulnerability

First published: Wed Mar 24 2021(Updated: )

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS XE Web UI	=3.15.1xbs
Cisco IOS XE Web UI	=3.15.2xbs
Cisco IOS XE Web UI	=16.11.1
Cisco IOS XE Web UI	=16.11.1a
Cisco IOS XE Web UI	=16.11.1b
Cisco IOS XE Web UI	=16.11.1c
Cisco IOS XE Web UI	=16.11.1s
Cisco IOS XE Web UI	=16.11.2
Cisco IOS XE Web UI	=16.12.1
Cisco IOS XE Web UI	=16.12.1a
Cisco IOS XE Web UI	=16.12.1c
Cisco IOS XE Web UI	=16.12.1s
Cisco IOS XE Web UI	=16.12.1t
Cisco IOS XE Web UI	=16.12.1w
Cisco IOS XE Web UI	=16.12.1x
Cisco IOS XE Web UI	=16.12.1y
Cisco IOS XE Web UI	=16.12.1z
Cisco IOS XE Web UI	=16.12.1za
Cisco IOS XE Web UI	=16.12.2
Cisco IOS XE Web UI	=16.12.2a
Cisco IOS XE Web UI	=16.12.2s
Cisco IOS XE Web UI	=16.12.2t
Cisco IOS XE Web UI	=16.12.3
Cisco IOS XE Web UI	=16.12.3a
Cisco IOS XE Web UI	=16.12.3s
Cisco IOS XE Web UI	=16.12.4
Cisco IOS XE Web UI	=16.12.4a
Cisco IOS XE Web UI	=17.1.1
Cisco IOS XE Web UI	=17.1.1a
Cisco IOS XE Web UI	=17.1.1s
Cisco IOS XE Web UI	=17.1.1t
Cisco IOS XE Web UI	=17.1.2
Cisco IOS XE Web UI	=17.2.1
Cisco IOS XE Web UI	=17.2.1a
Cisco IOS XE Web UI	=17.2.1r
Cisco IOS XE Web UI	=17.2.1v
Cisco IOS XE Web UI	=17.2.2

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwpathtrav-nsrue2Mt

Frequently Asked Questions

What is the severity of CVE-2021-1436?
The severity of CVE-2021-1436 is considered high due to its potential for path traversal attacks allowing unauthorized read access to sensitive files.
How do I fix CVE-2021-1436?
To fix CVE-2021-1436, update your Cisco IOS XE SD-WAN Software to a version that includes the relevant security patches.
What are the affected versions for CVE-2021-1436?
CVE-2021-1436 affects multiple versions of Cisco IOS XE SD-WAN Software including 3.15.1xbs, 16.11.x, 16.12.x, and 17.1.x.
Who can exploit CVE-2021-1436?
CVE-2021-1436 can be exploited by authenticated local attackers who can conduct path traversal attacks.
What causes the vulnerability CVE-2021-1436?
CVE-2021-1436 is caused by insufficient validation of user-supplied input in the Command Line Interface (CLI) of the affected software.

agent/type
agent/softwarecombine
agent/references
agent/author
agent/severity
agent/weakness
agent/title
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco ios xe web ui
version/cisco ios xe web ui/3.15.1xbs
version/cisco ios xe web ui/3.15.2xbs
version/cisco ios xe web ui/16.11.1
version/cisco ios xe web ui/16.11.1a
version/cisco ios xe web ui/16.11.1b
version/cisco ios xe web ui/16.11.1c
version/cisco ios xe web ui/16.11.1s
version/cisco ios xe web ui/16.11.2
version/cisco ios xe web ui/16.12.1
version/cisco ios xe web ui/16.12.1a
version/cisco ios xe web ui/16.12.1c
version/cisco ios xe web ui/16.12.1s
version/cisco ios xe web ui/16.12.1t
version/cisco ios xe web ui/16.12.1w
version/cisco ios xe web ui/16.12.1x
version/cisco ios xe web ui/16.12.1y
version/cisco ios xe web ui/16.12.1z
version/cisco ios xe web ui/16.12.1za
version/cisco ios xe web ui/16.12.2
version/cisco ios xe web ui/16.12.2a
version/cisco ios xe web ui/16.12.2s
version/cisco ios xe web ui/16.12.2t
version/cisco ios xe web ui/16.12.3
version/cisco ios xe web ui/16.12.3a
version/cisco ios xe web ui/16.12.3s
version/cisco ios xe web ui/16.12.4
version/cisco ios xe web ui/16.12.4a
version/cisco ios xe web ui/17.1.1
version/cisco ios xe web ui/17.1.1a
version/cisco ios xe web ui/17.1.1s
version/cisco ios xe web ui/17.1.1t
version/cisco ios xe web ui/17.1.2
version/cisco ios xe web ui/17.2.1
version/cisco ios xe web ui/17.2.1a
version/cisco ios xe web ui/17.2.1r
version/cisco ios xe web ui/17.2.1v
version/cisco ios xe web ui/17.2.2