CVE-2021-34724: Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability
First published: Thu Sep 23 2021(Updated: )
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the presence of a sensitive file in the bootflash directory on an affected device. An attacker could exploit this vulnerability by overwriting an installer file stored in the bootflash directory with arbitrary commands that can be executed with root-level privileges. A successful exploit could allow the attacker to read and write changes to the configuration database on the affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE SD-WAN | <=17.3.1a | |
| Cisco 1000 Integrated Services Router | ||
| Cisco 1100-4g\/6g Integrated Services Router | ||
| Cisco 1100-4p Integrated Services Router | ||
| Cisco 1100-8p Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1101-4p Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109-2p Integrated Services Router | ||
| Cisco 1109-4p Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1111x-8p Integrated Services Router | ||
| Cisco 1111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 4000 Integrated Services Router | ||
| Cisco 422 Integrated Services Router | ||
| Cisco 4221 Integrated Services Router | ||
| Cisco 4321 Integrated Services Router | ||
| Cisco 4331 Integrated Services Router | ||
| Cisco 4351 Integrated Services Router | ||
| Cisco 4431 Integrated Services Router | ||
| Cisco 4451-x Integrated Services Router | ||
| Cisco 4451 Integrated Services Router | ||
| Cisco 4461 Integrated Services Router | ||
| Cisco ASR 1000 | ||
| Cisco Asr 1000-esp100 | ||
| Cisco Asr 1000-x | ||
| Cisco Asr 1000 Series | ||
| Cisco Asr 1000 Series Route Processor \(rp2\) | ||
| Cisco Asr 1000 Series Route Processor \(rp3\) | ||
| Cisco Asr 1001 | ||
| Cisco Asr 1001-hx | ||
| Cisco Asr 1001-hx R | ||
| Cisco Asr 1001-x | ||
| Cisco Asr 1001-x R | ||
| Cisco Asr 1002 | ||
| Cisco Asr 1002-hx | ||
| Cisco Asr 1002-hx R | ||
| Cisco Asr 1002-x | ||
| Cisco Asr 1002-x R | ||
| Cisco Asr 1004 | ||
| Cisco Asr 1006 | ||
| Cisco Asr 1006-x | ||
| Cisco Asr 1009-x | ||
| Cisco Asr 1013 | ||
| Cisco Asr 1023 | ||
| Cisco Csr 1000v |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-34724?
CVE-2021-34724 is a vulnerability in the Cisco IOS XE SD-WAN Software CLI that allows an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user.
What software is affected by CVE-2021-34724?
The Cisco IOS XE SD-WAN Software versions up to and including 17.3.1a are affected by CVE-2021-34724.
How severe is CVE-2021-34724?
CVE-2021-34724 has a severity rating of medium.
How can an attacker exploit CVE-2021-34724?
An attacker must be authenticated on an affected device as a PRIV15 user to exploit CVE-2021-34724.
Where can I find more information about CVE-2021-34724?
You can find more information about CVE-2021-34724 at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-privesc-VP4FG3jD)
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco ios xe sd-wan
- version/cisco ios xe sd-wan/17.3.1a
- canonical/cisco 1000 integrated services router
- canonical/cisco 1100-4g\/6g integrated services router
- canonical/cisco 1100-4p integrated services router
- canonical/cisco 1100-8p integrated services router
- canonical/cisco 1100 integrated services router
- canonical/cisco 1101-4p integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109-2p integrated services router
- canonical/cisco 1109-4p integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 1111x-8p integrated services router
- canonical/cisco 1111x integrated services router
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 4000 integrated services router
- canonical/cisco 422 integrated services router
- canonical/cisco 4221 integrated services router
- canonical/cisco 4321 integrated services router
- canonical/cisco 4331 integrated services router
- canonical/cisco 4351 integrated services router
- canonical/cisco 4431 integrated services router
- canonical/cisco 4451-x integrated services router
- canonical/cisco 4451 integrated services router
- canonical/cisco 4461 integrated services router
- canonical/cisco asr 1000
- canonical/cisco asr 1000-esp100
- canonical/cisco asr 1000-x
- canonical/cisco asr 1000 series
- canonical/cisco asr 1000 series route processor \(rp2\)
- canonical/cisco asr 1000 series route processor \(rp3\)
- canonical/cisco asr 1001
- canonical/cisco asr 1001-hx
- canonical/cisco asr 1001-hx r
- canonical/cisco asr 1001-x
- canonical/cisco asr 1001-x r
- canonical/cisco asr 1002
- canonical/cisco asr 1002-hx
- canonical/cisco asr 1002-hx r
- canonical/cisco asr 1002-x
- canonical/cisco asr 1002-x r
- canonical/cisco asr 1004
- canonical/cisco asr 1006
- canonical/cisco asr 1006-x
- canonical/cisco asr 1009-x
- canonical/cisco asr 1013
- canonical/cisco asr 1023
- canonical/cisco csr 1000v