In a recent security advisory, Cisco warned of a major vulnerability in its IOS XE operating system. The vulnerability, CVE-2021-1529, specifically affects the CLI of Cisco’s IOS XE SD-WAN software. It gives an authenticated, local threat actor the opportunity to execute arbitrary code with root privileges.
The MITRE CVE database describes the vulnerability as being caused by the following:
The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
According to NIST’s NVD (National Vulnerability Database), CVE-2021-1529 earns a 7.8 score on the CVSS (Common Vulnerability Scoring System), which classifies it as “high” severity. What makes this vulnerability so dangerous is its ability to give attackers free rein over the IOS XE operating system. With root privileges, they would be able to read and write all system files and, most concerningly, install and remove any software at will.
This gives attackers the ability to begin a larger attack on a corporate network as a whole, which, if history is any indication, can be accomplished far more easily than it should be. The good news is that Cisco has introduced a patch for CVE-2021-1529 that sysadmins should implement as soon as possible.
If cybercriminals eyeing a specific corporation using IOS XE were not considering an attack before, they most certainly are now. The double-edged nature of any threat report is that, in alerting customers, an organization also alerts previously unaware malicious actors. Especially since some organizations may not have patched their systems for some time, this is a race against the clock.