cvelist Cisco CVELIST:CVE-2021-1612
History Sep 23, 2021 - 2:30 a.m.

CVE-2021-1612 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability

2021-09-23 02:30:39
CWE-61
cisco
www.cve.org
3
cve-2021-1612
cisco ios xe
sd-wan
arbitrary file overwrite
vulnerability
improper access controls
symbolic link
local file system

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0
Percentile: 5.1%

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.

CNA Affected

[
  {
    "product": "Cisco IOS XE SD-WAN Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
