CVE-2021-1435 is a software vulnerability that was exploited in an attack sequence as revealed by Cisco on October 16, 2023. This flaw, which had been patched earlier, is a remote code execution (RCE) vulnerability present in the web UI of Cisco IOS XE software. In a series of attacks, threat actors initially exploited a newer vulnerability, CVE-2023-20198, to create highest-privilege accounts on internet-facing network devices. Following this, they leveraged CVE-2021-1435 to install a Lua-language implant or backdoor on the compromised systems.
The threat actors demonstrated a patch bypass technique: they used CVE-2021-1435 to gain administrator-level privileges on IOS XE devices even after the vulnerability had been patched. The Lua-language implant the attackers installed potentially allows continued unauthorized access to and control over the affected systems. The exploitation of these vulnerabilities posed a significant threat to the security of the impacted devices and the networks they belong to.
However, according to a statement from Cisco Talos, the association of CVE-2021-1435 with this malicious activity has since been reassessed. While the initial analysis linked the vulnerability to the exploitation sequence, further investigation led Cisco to determine that CVE-2021-1435 was not associated with this activity. The situation underscores the importance of continuous monitoring and re-evaluation in cybersecurity threat assessment.
Description last updated: 2024-05-04T16:51:31.701Z