CVE-2021-1435

Vulnerability updated 4 months ago (2024-05-04T18:56:56.929Z)
CVE-2021-1435 is a software vulnerability that was exploited in an attack sequence, as revealed by Cisco on October 16, 2023. This flaw, which had been patched earlier, is a remote code execution (RCE) vulnerability in the web UI of Cisco IOS XE software. In a series of attacks, threat actors first exploited a newer vulnerability, CVE-2023-20198, to create highest-privilege accounts on internet-facing network devices. They then leveraged CVE-2021-1435 to install a Lua-language implant, or backdoor, on the compromised systems. The threat actors demonstrated a patch bypass technique, using CVE-2021-1435 to gain administrator-level privileges on IOS XE devices even after it had been patched. The Lua-language implant potentially allows continued unauthorized access to and control over the affected systems. The exploitation of these vulnerabilities posed a significant threat to the security of the impacted devices and the networks they are part of.

However, according to a statement from Cisco Talos, the association of CVE-2021-1435 with these malicious activities has been reassessed. While the initial analysis linked this vulnerability to the exploitation sequence, further investigation led Cisco to determine that CVE-2021-1435 was not associated with this activity. The situation underscores the importance of continuous monitoring and re-evaluation in cybersecurity threat assessment.
Description last updated: 2024-05-04T16:51:31.701Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Cisco
Vulnerability
IOS
Implant
Source Document References
Information about the CVE-2021-1435 Vulnerability was read from the documents corpus below.
Source (created): Title
CERT-EU (10 months ago): Cisco Raises Alarm Over Critical Vulnerability in IOS XE Software
CERT-EU (10 months ago): CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities | CISA
CERT-EU (10 months ago): Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops
CERT-EU (10 months ago): "Disappearing" implants, followed by first fixes for exploited Cisco IOS XE zero-day - Help Net Security
CERT-EU (a year ago): Cisco discloses new IOS XE zero-day exploited to deploy malware implant
CISA (a year ago): CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
CERT-EU (a year ago): Cisco Finds New Zero Day Bug, Pledges Patches in Days
CERT-EU (a year ago): CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Securityaffairs (a year ago): CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
CERT-EU (a year ago): Cisco IOS XE Web UI Vulnerability: A Glimpse into CVE-2023-20198
CISA (a year ago): CISA Adds Two Known Exploited Vulnerability to Catalog | CISA
CERT-EU (a year ago): Cisco Web UI Vulnerability Exploited Massly, Impacting Over 40K Devices
CERT-EU (a year ago): CISA Adds Two Known Exploited Vulnerability to Catalog
CERT-EU (a year ago): Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000
CERT-EU (a year ago): Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability
CERT-EU (a year ago): “Cisco buried the lede.” >10,000 network devices backdoored through unpatched 0-day
BankInfoSecurity (a year ago): Unpatched Zero-Day Being Exploited in the Wild, Cisco Warns
CERT-EU (a year ago): Active Exploitation of Cisco IOS XE Zero-Day Vulnerability | Rapid7 Blog
CERT-EU (a year ago): Over 10,000 Cisco devices hacked in IOS XE zero-day attacks
DARKReading (a year ago): Zero-Day Alert: 10K Cisco IOS XE Systems Now Compromised