CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
5.1%
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | catalyst_sd-wan_manager | * | cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:* |
cisco | sd-wan_vbond_orchestrator | * | cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:* |
cisco | sd-wan_vmanage | * | cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:* |
cisco | vsmart_controller_firmware | * | cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:* |
cisco | vsmart_controller | - | cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:* |
cisco | vedge_100_firmware | * | cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:* |
cisco | vedge_100 | - | cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:* |
cisco | vedge_1000_firmware | * | cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:* |
cisco | vedge_1000 | - | cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:* |
cisco | vedge_100b_firmware | * | cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
5.1%