Lucene search

CiscoCVE-2021-1546

HistorySep 23, 2021 - 3:15 a.m.

CVE-2021-1546

2021-09-2303:15:11

CWE-209

cisco

web.nvd.nist.gov

cve-2021-1546

cisco

sd-wan

cli

vulnerability

unauthorized access

sensitive information

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.

Affected configurations

Nvd

Node

ciscocatalyst_sd-wan_managerRange18.4–20.4.2

ciscocatalyst_sd-wan_managerRange20.6–20.6.1

ciscosd-wan_vbond_orchestratorRange18.4–20.4.2

ciscosd-wan_vbond_orchestratorRange20.5–20.5.2

ciscosd-wan_vbond_orchestratorRange20.6–20.6.1

ciscosd-wan_vmanageRange20.5–20.5.2

Node

ciscovsmart_controller_firmwareRange18.4–20.4.2

ciscovsmart_controller_firmwareRange20.5–20.5.2

ciscovsmart_controller_firmwareRange20.6–20.6.1

AND

ciscovsmart_controllerMatch-

Node

ciscovedge_100_firmwareRange18.4–20.4.2

ciscovedge_100_firmwareRange20.5–20.5.2

ciscovedge_100_firmwareRange20.6–20.6.1

AND

ciscovedge_100Match-

Node

ciscovedge_1000_firmwareRange18.4–20.4.2

ciscovedge_1000_firmwareRange20.5–20.5.2

ciscovedge_1000_firmwareRange20.6–20.6.1

AND

ciscovedge_1000Match-

Node

ciscovedge_100b_firmwareRange18.4–20.4.2

ciscovedge_100b_firmwareRange20.5–20.5.2

ciscovedge_100b_firmwareRange20.6–20.6.1

AND

ciscovedge_100bMatch-

Node

ciscovedge_100m_firmwareRange18.4–20.4.2

ciscovedge_100m_firmwareRange20.5–20.5.2

ciscovedge_100m_firmwareRange20.6–20.6.1

AND

ciscovedge_100mMatch-

Node

ciscovedge_100wm_firmwareRange18.4–20.4.2

ciscovedge_100wm_firmwareRange20.5–20.5.2

ciscovedge_100wm_firmwareRange20.6–20.6.1

AND

ciscovedge_100wmMatch-

Node

ciscovedge_2000_firmwareRange18.4–20.4.2

ciscovedge_2000_firmwareRange20.5–20.5.2

ciscovedge_2000_firmwareRange20.6–20.6.1

AND

ciscovedge_2000Match-

Node

ciscovedge_5000_firmwareRange18.4–20.4.2

ciscovedge_5000_firmwareRange20.5–20.5.2

ciscovedge_5000_firmwareRange20.6–20.6.1

AND

ciscovedge_5000Match-

Node

ciscovedge_cloud_firmwareRange18.4–20.4.2

ciscovedge_cloud_firmwareRange20.5–20.5.2

ciscovedge_cloud_firmwareRange20.6–20.6.1

AND

ciscovedge_cloudMatch-

VendorProductVersionCPE
ciscocatalyst_sd-wan_manager*cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
ciscosd-wan_vbond_orchestrator*cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*
ciscosd-wan_vmanage*cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
ciscovsmart_controller_firmware*cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*
ciscovsmart_controller-cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*
ciscovedge_100_firmware*cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*
ciscovedge_100-cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*
ciscovedge_1000_firmware*cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*
ciscovedge_1000-cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*
ciscovedge_100b_firmware*cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	catalyst_sd-wan_manager	*	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
cisco	sd-wan_vbond_orchestrator	*	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator::::::::
cisco	sd-wan_vmanage	*	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
cisco	vsmart_controller_firmware	*	cpe:2.3:o:cisco:vsmart_controller_firmware::::::::
cisco	vsmart_controller	-	cpe:2.3:h:cisco:vsmart_controller:-:::::::*
cisco	vedge_100_firmware	*	cpe:2.3:o:cisco:vedge_100_firmware::::::::
cisco	vedge_100	-	cpe:2.3:h:cisco:vedge_100:-:::::::*
cisco	vedge_1000_firmware	*	cpe:2.3:o:cisco:vedge_1000_firmware::::::::
cisco	vedge_1000	-	cpe:2.3:h:cisco:vedge_1000:-:::::::*
cisco	vedge_100b_firmware	*	cpe:2.3:o:cisco:vedge_100b_firmware::::::::

Rows per page:

1-10 of 211

CNA Affected

[
  {
    "product": "Cisco SD-WAN Solution",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-1546