CVE-2021-1435

Vulnerability Profile Updated 3 months ago

Download STIX

Preview STIX

CVE-2021-1435 is a software vulnerability that was exploited in an attack sequence as revealed by Cisco on October 16, 2023. This flaw, which had been patched earlier, is a remote code execution (RCE) vulnerability present in the web UI of Cisco IOS XE software. In a series of attacks, threat actors initially exploited a newer vulnerability, CVE-2023-20198, to create highest-privilege accounts on internet-facing network devices. Following this, they leveraged CVE-2021-1435 to install a Lua-language implant or backdoor on the compromised systems. The threat actors demonstrated a patch bypass technique, using CVE-2021-1435 to gain administrator level privileges on IOS XE devices, even after it had been patched. The Lua-language implant installed by the attackers potentially allows for continued unauthorized access and control over the affected systems. The exploitation of these vulnerabilities posed a significant threat to the security of the impacted devices and the networks they are part of. However, according to a statement from Cisco Talos, the association of CVE-2021-1435 with these malicious activities has been reassessed. While the initial analysis linked this vulnerability to the exploitation sequence, further investigation led Cisco to determine that CVE-2021-1435 was not associated with this activity. As such, the situation underscores the importance of continuous monitoring and re-evaluation in cybersecurity threat assessment.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ios

Vulnerability

Cisco

Implant

Remote Code ...

Implant/back...

RCE (Remote ...

Talos

CISA

Exploit

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
CVE-2023-20198	Unspecified	1	CVE-2023-20198 is a critical zero-day vulnerability found in the Web User Interface (Web UI) feature of Cisco IOS XE software. It was discovered when Cisco identified an active exploitation campaign that targeted this previously undisclosed flaw, enabling threat actors to create administrative accou

Source Document References

Information about the CVE-2021-1435 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
CERT-EU	9 months ago	Cisco Raises Alarm Over Critical Vulnerability in IOS XE Software
CERT-EU	9 months ago	CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities \| CISA
CERT-EU	9 months ago	Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops
CERT-EU	9 months ago	"Disappearing" implants, followed by first fixes for exploited Cisco IOS XE zero-day - Help Net Security
CERT-EU	9 months ago	Cisco discloses new IOS XE zero-day exploited to deploy malware implant
CISA	9 months ago	CISA Adds Two Known Exploited Vulnerabilities to Catalog \| CISA
CERT-EU	9 months ago	Cisco Finds New Zero Day Bug, Pledges Patches in Days
CERT-EU	9 months ago	CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
Securityaffairs	9 months ago	CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
CERT-EU	9 months ago	Cisco IOS XE Web UI Vulnerability: A Glimpse into CVE-2023-20198
CISA	9 months ago	CISA Adds Two Known Exploited Vulnerability to Catalog \| CISA
CERT-EU	9 months ago	Cisco Web UI Vulnerability Exploited Massly, Impacting Over 40K Devices
CERT-EU	9 months ago	CISA Adds Two Known Exploited Vulnerability to Catalog
CERT-EU	9 months ago	Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000
CERT-EU	9 months ago	Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability
CERT-EU	9 months ago	“Cisco buried the lede.” >10,000 network devices backdoored through unpatched 0-day
BankInfoSecurity	9 months ago	Unpatched Zero-Day Being Exploited in the Wild, Cisco Warns
CERT-EU	9 months ago	Active Exploitation of Cisco IOS XE Zero-Day Vulnerability \| Rapid7 Blog
CERT-EU	9 months ago	Over 10,000 Cisco devices hacked in IOS XE zero-day attacks
DARKReading	9 months ago	Zero-Day Alert: 10K Cisco IOS XE Systems Now Compromised