What is CVE-2021-1392?

CVE-2021-1392 is a high-severity vulnerability in Cisco Ios, classified under Insufficiently Protected Credentials. CVSS score: 7.8/10. Published 2021-03-24.

How severe is CVE-2021-1392?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Cisco Ios

CVE-2021-1392

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an a…

EPSS: 0.000 (9.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Ios — versions n/a

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

References

20210324 Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2021-1392?: CVE-2021-1392 is a high-severity vulnerability in Cisco Ios, classified under Insufficiently Protected Credentials. CVSS score: 7.8/10. Published 2021-03-24.
How severe is CVE-2021-1392?: High severity. CVSS v3 base score is 7.8 out of 10.