Unrated severityNVD Advisory· Published Mar 24, 2021· Updated Nov 8, 2024
Cisco IOx Application Environment Path Traversal Vulnerability
CVE-2021-1385
Description
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: n/a
Patches
Vulnerability mechanics
References
2- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-pt-hWGcPf7gmitrevendor-advisoryx_refsource_CISCO
- github.com/orangecertcc/security-research/security/advisories/GHSA-hhfw-6cm2-v3w5mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.