CVE-2021-1512

EPSS 0.06%
Veröffentlicht 06.05.2021 13:15:10
Zuletzt bearbeitet 21.11.2024 05:44:31
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Catalyst Sd-wan Manager Version >= 19.2 < 19.2.3

Cisco ≫ Catalyst Sd-wan Manager Version >= 20.3 < 20.3.1

Cisco ≫ Catalyst Sd-wan Manager Version >= 20.4 < 20.4.1

Cisco ≫ Catalyst Sd-wan Manager Version >= 20.5 < 20.5.1

Cisco ≫ Sd-wan Vbond Orchestrator Version-

Cisco ≫ Sd-wan Vmanage Version < 18.4.6

Cisco ≫ Sd-wan Vmanage Version >= 20.1 < 20.1.2

Cisco ≫ Vsmart Controller Firmware Version-

Cisco ≫ Vsmart Controller Version-

Cisco ≫ Vedge 100 Firmware Version-

Cisco ≫ Vedge 100 Version-

Cisco ≫ Vedge 1000 Firmware Version-

Cisco ≫ Vedge 1000 Version-

Cisco ≫ Vedge 100b Firmware Version-

Cisco ≫ Vedge 100b Version-

Cisco ≫ Vedge 100m Firmware Version-

Cisco ≫ Vedge 100m Version-

Cisco ≫ Vedge 100wm Firmware Version-

Cisco ≫ Vedge 100wm Version-

Cisco ≫ Vedge 2000 Firmware Version-

Cisco ≫ Vedge 2000 Version-

Cisco ≫ Vedge 5000 Firmware Version-

Cisco ≫ Vedge 5000 Version-

Cisco ≫ Vedge-100b Firmware Version-

Cisco ≫ Vedge-100b Version-

Cisco ≫ Vedge Cloud Firmware Version-

Cisco ≫ Vedge Cloud Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.169

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:N/I:P/A:P
psirt@cisco.com	4.4	0.8	3.6	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1512

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1512

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1512

EUVD