CVE-2021-1385
Description
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.236
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco IOx Application Environment Path Traversal Vulnerability For Cisco IOS | NCM |
| Cisco IOx Application Environment Path Traversal Vulnerability For Cisco IOS XE Software | NCM |
| Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2021-1385) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706090 | Security Update for Cisco IOS Amsterdam-17.2.1r |
| PATCH-1706107 | Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234