CVE-2021-1435

Vulnerability Profile Updated a month ago
CVE-2021-1435 is a software vulnerability that was reported as exploited in an attack sequence disclosed by Cisco on October 16, 2023. The flaw, which had been patched earlier, is a remote code execution (RCE) vulnerability in the web UI of Cisco IOS XE software. In the attack sequence, threat actors first exploited a newer vulnerability, CVE-2023-20198, to create highest-privilege accounts on internet-facing network devices. They then reportedly leveraged CVE-2021-1435 to install a Lua-language implant or backdoor on the compromised systems. The threat actors were said to have demonstrated a patch bypass technique, using CVE-2021-1435 to gain administrator-level privileges on IOS XE devices even after the fix had been applied. The Lua-language implant potentially allows continued unauthorized access to and control over the affected systems. The exploitation of these vulnerabilities posed a significant threat to the security of the impacted devices and the networks they belong to. However, according to a statement from Cisco Talos, the association of CVE-2021-1435 with this activity has been reassessed: while the initial analysis linked the vulnerability to the exploitation sequence, further investigation led Cisco to determine that CVE-2021-1435 was not involved. The case underscores the importance of continuous monitoring and re-evaluation in cybersecurity threat assessment.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Ios
Cisco
Implant
Remote Code ...
RCE (Remote ...
CISA
Implant/back...
Exploit
Talos
Associated Vulnerabilities
CVE-2023-20198 (Unspecified; 1 vote)
CVE-2023-20198 is a critical zero-day vulnerability found in the Web User Interface (Web UI) feature of Cisco IOS XE software. It was discovered when Cisco identified an active exploitation campaign that targeted this previously undisclosed flaw, enabling threat actors to create administrative accou
Source Document References
Information about the CVE-2021-1435 vulnerability was read from the documents listed below (display limited to 20 results). Each entry gives the source, when it was created, and the document title.
CERT-EU (8 months ago): CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
DARKReading (8 months ago): Zero-Day Alert: 10K Cisco IOS XE Systems Now Compromised
CERT-EU (8 months ago): Cisco Finds New Zero Day Bug, Pledges Patches in Days
CERT-EU (8 months ago): "Disappearing" implants, followed by first fixes for exploited Cisco IOS XE zero-day - Help Net Security
CERT-EU (8 months ago): Cisco Raises Alarm Over Critical Vulnerability in IOS XE Software
Securityaffairs (8 months ago): CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog
CERT-EU (8 months ago): Active Exploitation of Cisco IOS XE Zero-Day Vulnerability | Rapid7 Blog
CERT-EU (8 months ago): CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities | CISA
CISA (8 months ago): CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
CERT-EU (8 months ago): Cisco discloses new IOS XE zero-day exploited to deploy malware implant
CERT-EU (8 months ago): "Cisco buried the lede." >10,000 network devices backdoored through unpatched 0-day
BankInfoSecurity (8 months ago): Unpatched Zero-Day Being Exploited in the Wild, Cisco Warns
CERT-EU (8 months ago): CISA Adds Two Known Exploited Vulnerability to Catalog
CERT-EU (8 months ago): Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit
CERT-EU (8 months ago): Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
CERT-EU (8 months ago): Cisco zero-day bug under exploit allows router hijacking
CERT-EU (8 months ago): Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000
CERT-EU (8 months ago): Cisco Web UI Vulnerability Exploited Massly, Impacting Over 40K Devices
CISA (8 months ago): CISA Adds Two Known Exploited Vulnerability to Catalog | CISA
CERT-EU (8 months ago): Cisco Devices Hacked via IOS XE Zero-Day Vulnerability