What is CVE-2021-1370?

CVE-2021-1370 is a high-severity vulnerability in Cisco 8201, classified under OS Command Injection. CVSS score: 7.8/10. Published 2021-02-04.

How severe is CVE-2021-1370?

High severity. CVSS v3 base score is 7.8 out of 10.

RCE in Cisco 8201

CVE-2021-1370

A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their pri…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.004 (29.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco 8201
Cisco 8202
Cisco 8808
Cisco 8812
Cisco 8818
Cisco Ios Xr Software — versions n/a
Cisco Ios_xr
Cisco Ncs_540

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2021-1370?: CVE-2021-1370 is a high-severity vulnerability in Cisco 8201, classified under OS Command Injection. CVSS score: 7.8/10. Published 2021-02-04.
How severe is CVE-2021-1370?: High severity. CVSS v3 base score is 7.8 out of 10.