Lucene search

CiscoCVE-2021-1512

HistoryMay 06, 2021 - 1:15 p.m.

CVE-2021-1512

2021-05-0613:15:10

CWE-552

cisco

web.nvd.nist.gov

cve-2021-1512

cisco

sd-wan

vulnerability

cli

authenticated

local attacker

file system

exploit

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system.

Affected configurations

Nvd

Node

ciscocatalyst_sd-wan_managerRange19.2–19.2.3

ciscocatalyst_sd-wan_managerRange20.3–20.3.1

ciscocatalyst_sd-wan_managerRange20.4–20.4.1

ciscocatalyst_sd-wan_managerRange20.5–20.5.1

ciscosd-wan_vbond_orchestratorMatch-

ciscosd-wan_vmanageRange<18.4.6

ciscosd-wan_vmanageRange20.1–20.1.2

Node

ciscovsmart_controller_firmwareMatch-

AND

ciscovsmart_controllerMatch-

Node

ciscovedge_100_firmwareMatch-

AND

ciscovedge_100Match-

Node

ciscovedge_1000_firmwareMatch-

AND

ciscovedge_1000Match-

Node

ciscovedge_100b_firmwareMatch-

AND

ciscovedge_100bMatch-

Node

ciscovedge_100m_firmwareMatch-

AND

ciscovedge_100mMatch-

Node

ciscovedge_100wm_firmwareMatch-

AND

ciscovedge_100wmMatch-

Node

ciscovedge_2000_firmwareMatch-

AND

ciscovedge_2000Match-

Node

ciscovedge_5000_firmwareMatch-

AND

ciscovedge_5000Match-

Node

ciscovedge-100b_firmwareMatch-

AND

ciscovedge-100bMatch-

Node

ciscovedge_cloud_firmwareMatch-

AND

ciscovedge_cloudMatch-

VendorProductVersionCPE
ciscocatalyst_sd-wan_manager*cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
ciscosd-wan_vbond_orchestrator-cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*
ciscosd-wan_vmanage*cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
ciscovsmart_controller_firmware-cpe:2.3:o:cisco:vsmart_controller_firmware:-:*:*:*:*:*:*:*
ciscovsmart_controller-cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*
ciscovedge_100_firmware-cpe:2.3:o:cisco:vedge_100_firmware:-:*:*:*:*:*:*:*
ciscovedge_100-cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*
ciscovedge_1000_firmware-cpe:2.3:o:cisco:vedge_1000_firmware:-:*:*:*:*:*:*:*
ciscovedge_1000-cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*
ciscovedge_100b_firmware-cpe:2.3:o:cisco:vedge_100b_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	catalyst_sd-wan_manager	*	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
cisco	sd-wan_vbond_orchestrator	-	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:::::::*
cisco	sd-wan_vmanage	*	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
cisco	vsmart_controller_firmware	-	cpe:2.3:o:cisco:vsmart_controller_firmware:-:::::::*
cisco	vsmart_controller	-	cpe:2.3:h:cisco:vsmart_controller:-:::::::*
cisco	vedge_100_firmware	-	cpe:2.3:o:cisco:vedge_100_firmware:-:::::::*
cisco	vedge_100	-	cpe:2.3:h:cisco:vedge_100:-:::::::*
cisco	vedge_1000_firmware	-	cpe:2.3:o:cisco:vedge_1000_firmware:-:::::::*
cisco	vedge_1000	-	cpe:2.3:h:cisco:vedge_1000:-:::::::*
cisco	vedge_100b_firmware	-	cpe:2.3:o:cisco:vedge_100b_firmware:-:::::::*

Rows per page:

1-10 of 231

CNA Affected

[
  {
    "product": "Cisco SD-WAN Solution",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-1512