CVE-2021-1385

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system.

Severity	MEDIUM
CVSS	6.5
CWE	CWE-22
KEV
Published	5 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Nexus Dashboard	cisco-sa-iox-pt-hWGcPf7g
Cisco Meraki MS Series Switches	cisco-sa-iox-pt-hWGcPf7g
Cisco IOS Software	cisco-sa-iox-pt-hWGcPf7g
Cisco Application Centric Infrastructure Virtual Edge	cisco-sa-iox-pt-hWGcPf7g
Cisco 1000 Series Connected Grid Routers	cisco-sa-iox-pt-hWGcPf7g
Cisco IOx	cisco-sa-iox-pt-hWGcPf7g
Cisco IOS XE Software	cisco-sa-iox-pt-hWGcPf7g
Cisco IOS	cisco-sa-iox-pt-hWGcPf7g
Cisco CGR1000 Compute Module	cisco-sa-iox-pt-hWGcPf7g
Cisco Catalyst 9600 Series Switches	cisco-sa-iox-pt-hWGcPf7g
Cisco Catalyst 9500 Series Switches	cisco-sa-iox-pt-hWGcPf7g
Cisco Catalyst 9400 Series Switches	cisco-sa-iox-pt-hWGcPf7g
Cisco Catalyst 9300 Series Switches	cisco-sa-iox-pt-hWGcPf7g
Cisco Catalyst 9200 Series Switches	cisco-sa-iox-pt-hWGcPf7g