NewsSecurity Vulnerabilities

Cisco IOS XE Software Web UI Command Injection Vulnerability [CVE-2021-1435]

CVE Number – CVE-2021-1435

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

At the time of publication, this vulnerability affected Cisco devices if they were running a vulnerable release of Cisco IOS XE Software and had the web UI feature enabled.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Determine the HTTP Server Configuration

To determine whether the HTTP Server feature is enabled for a device, log in to the device and use the show running-config | include ip http server|secure|active command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. If either command is present and configured, the HTTP Server feature is enabled for the device.

The following example shows the output of the show running-config | include ip http server|secure|active command for a device that has the HTTP Server feature enabled:

Router# show running-config | include ip http server|secure|active
ip http server
ip http secure-server

Note: The presence of either command or both commands in the device configuration indicates that the web UI feature is enabled.

If the ip http server command is present and the configuration also contains ip http active-session-modules none, the vulnerability is not exploitable over HTTP.

If the ip http secure-server command is present and the configuration also contains ip http secure-active-session-modules none, the vulnerability is not exploitable over HTTPS.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webcmdinjsh-UFJxTgZD

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.