CVE-2021-1371 MEDIUM

CVE-2021-1371: Cisco IOS XE SD-WAN Software Console Privilege Escalation Vulnerability

Vendor Cisco
Product Cisco IOS XE Software
Weakness CWE-269
Published March 24, 2021
Last update November 8, 2024
View on NVD All CVEs

CVSS base score

6.6/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges.

Key dates

02Disclosure timeline

March 24, 2021 CVE published
November 8, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-26247 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability CVE-2025-59514 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability CVE-2026-7284 Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register CVE-2025-1425 File Read Through Improper Sudo Privilege Management CVE-2026-30888 Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint