Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021

A vulnerability in the command line parameter parsing code of Sudo could allow an authenticated, local attacker to execute commands or binaries with root privileges.

The vulnerability is due to improper parsing of command line parameters that may result in a heap-based buffer overflow. An attacker could exploit this vulnerability by accessing a Unix shell on an affected device and then invoking the sudoedit command with crafted parameters or by executing a binary exploit. A successful exploit could allow the attacker to execute commands or binaries with root privileges.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM

Security Impact Rating: High

CVE: CVE-2021-3156

Source:: Cisco Security Advisories