Lucene search

[email protected]NVD:CVE-2021-1546

HistorySep 23, 2021 - 3:15 a.m.

CVE-2021-1546

2021-09-2303:15:11

CWE-209

[email protected]

web.nvd.nist.gov

cisco

sd-wan

vulnerability

cli

authenticated

local attacker

sensitive information

file access

disclosure

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.

Affected configurations

Nvd

Node

ciscocatalyst_sd-wan_managerRange18.4–20.4.2

ciscocatalyst_sd-wan_managerRange20.6–20.6.1

ciscosd-wan_vbond_orchestratorRange18.4–20.4.2

ciscosd-wan_vbond_orchestratorRange20.5–20.5.2

ciscosd-wan_vbond_orchestratorRange20.6–20.6.1

ciscosd-wan_vmanageRange20.5–20.5.2

Node

ciscovsmart_controller_firmwareRange18.4–20.4.2

ciscovsmart_controller_firmwareRange20.5–20.5.2

ciscovsmart_controller_firmwareRange20.6–20.6.1

AND

ciscovsmart_controllerMatch-

Node

ciscovedge_100_firmwareRange18.4–20.4.2

ciscovedge_100_firmwareRange20.5–20.5.2

ciscovedge_100_firmwareRange20.6–20.6.1

AND

ciscovedge_100Match-

Node

ciscovedge_1000_firmwareRange18.4–20.4.2

ciscovedge_1000_firmwareRange20.5–20.5.2

ciscovedge_1000_firmwareRange20.6–20.6.1

AND

ciscovedge_1000Match-

Node

ciscovedge_100b_firmwareRange18.4–20.4.2

ciscovedge_100b_firmwareRange20.5–20.5.2

ciscovedge_100b_firmwareRange20.6–20.6.1

AND

ciscovedge_100bMatch-

Node

ciscovedge_100m_firmwareRange18.4–20.4.2

ciscovedge_100m_firmwareRange20.5–20.5.2

ciscovedge_100m_firmwareRange20.6–20.6.1

AND

ciscovedge_100mMatch-

Node

ciscovedge_100wm_firmwareRange18.4–20.4.2

ciscovedge_100wm_firmwareRange20.5–20.5.2

ciscovedge_100wm_firmwareRange20.6–20.6.1

AND

ciscovedge_100wmMatch-

Node

ciscovedge_2000_firmwareRange18.4–20.4.2

ciscovedge_2000_firmwareRange20.5–20.5.2

ciscovedge_2000_firmwareRange20.6–20.6.1

AND

ciscovedge_2000Match-

Node

ciscovedge_5000_firmwareRange18.4–20.4.2

ciscovedge_5000_firmwareRange20.5–20.5.2

ciscovedge_5000_firmwareRange20.6–20.6.1

AND

ciscovedge_5000Match-

Node

ciscovedge_cloud_firmwareRange18.4–20.4.2

ciscovedge_cloud_firmwareRange20.5–20.5.2

ciscovedge_cloud_firmwareRange20.6–20.6.1

AND

ciscovedge_cloudMatch-

VendorProductVersionCPE
ciscocatalyst_sd-wan_manager*cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
ciscosd-wan_vbond_orchestrator*cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*
ciscosd-wan_vmanage*cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
ciscovsmart_controller_firmware*cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*
ciscovsmart_controller-cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*
ciscovedge_100_firmware*cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*
ciscovedge_100-cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*
ciscovedge_1000_firmware*cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*
ciscovedge_1000-cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*
ciscovedge_100b_firmware*cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	catalyst_sd-wan_manager	*	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
cisco	sd-wan_vbond_orchestrator	*	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator::::::::
cisco	sd-wan_vmanage	*	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
cisco	vsmart_controller_firmware	*	cpe:2.3:o:cisco:vsmart_controller_firmware::::::::
cisco	vsmart_controller	-	cpe:2.3:h:cisco:vsmart_controller:-:::::::*
cisco	vedge_100_firmware	*	cpe:2.3:o:cisco:vedge_100_firmware::::::::
cisco	vedge_100	-	cpe:2.3:h:cisco:vedge_100:-:::::::*
cisco	vedge_1000_firmware	*	cpe:2.3:o:cisco:vedge_1000_firmware::::::::
cisco	vedge_1000	-	cpe:2.3:h:cisco:vedge_1000:-:::::::*
cisco	vedge_100b_firmware	*	cpe:2.3:o:cisco:vedge_100b_firmware::::::::

Rows per page:

1-10 of 211

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2021-1546

cisco1 nessus1 prion1 cve1 cvelist1