5.5

CVE-2021-1546

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoCatalyst Sd-wan Manager Version >= 18.4 < 20.4.2
CiscoCatalyst Sd-wan Manager Version >= 20.6 < 20.6.1
CiscoSd-wan Vbond Orchestrator Version >= 18.4 < 20.4.2
CiscoSd-wan Vbond Orchestrator Version >= 20.5 < 20.5.2
CiscoSd-wan Vbond Orchestrator Version >= 20.6 < 20.6.1
CiscoSd-wan Vmanage Version >= 20.5 < 20.5.2
CiscoVsmart Controller Firmware Version >= 18.4 < 20.4.2
   CiscoVsmart Controller Version-
CiscoVsmart Controller Firmware Version >= 20.5 < 20.5.2
   CiscoVsmart Controller Version-
CiscoVsmart Controller Firmware Version >= 20.6 < 20.6.1
   CiscoVsmart Controller Version-
CiscoVedge 100 Firmware Version >= 18.4 < 20.4.2
   CiscoVedge 100 Version-
CiscoVedge 100 Firmware Version >= 20.5 < 20.5.2
   CiscoVedge 100 Version-
CiscoVedge 100 Firmware Version >= 20.6 < 20.6.1
   CiscoVedge 100 Version-
CiscoVedge 1000 Firmware Version >= 18.4 < 20.4.2
   CiscoVedge 1000 Version-
CiscoVedge 1000 Firmware Version >= 20.5 < 20.5.2
   CiscoVedge 1000 Version-
CiscoVedge 1000 Firmware Version >= 20.6 < 20.6.1
   CiscoVedge 1000 Version-
CiscoVedge 100b Firmware Version >= 18.4 < 20.4.2
   CiscoVedge 100b Version-
CiscoVedge 100b Firmware Version >= 20.5 < 20.5.2
   CiscoVedge 100b Version-
CiscoVedge 100b Firmware Version >= 20.6 < 20.6.1
   CiscoVedge 100b Version-
CiscoVedge 100m Firmware Version >= 18.4 < 20.4.2
   CiscoVedge 100m Version-
CiscoVedge 100m Firmware Version >= 20.5 < 20.5.2
   CiscoVedge 100m Version-
CiscoVedge 100m Firmware Version >= 20.6 < 20.6.1
   CiscoVedge 100m Version-
CiscoVedge 100wm Firmware Version >= 18.4 < 20.4.2
   CiscoVedge 100wm Version-
CiscoVedge 100wm Firmware Version >= 20.5 < 20.5.2
   CiscoVedge 100wm Version-
CiscoVedge 100wm Firmware Version >= 20.6 < 20.6.1
   CiscoVedge 100wm Version-
CiscoVedge 2000 Firmware Version >= 18.4 < 20.4.2
   CiscoVedge 2000 Version-
CiscoVedge 2000 Firmware Version >= 20.5 < 20.5.2
   CiscoVedge 2000 Version-
CiscoVedge 2000 Firmware Version >= 20.6 < 20.6.1
   CiscoVedge 2000 Version-
CiscoVedge 5000 Firmware Version >= 18.4 < 20.4.2
   CiscoVedge 5000 Version-
CiscoVedge 5000 Firmware Version >= 20.5 < 20.5.2
   CiscoVedge 5000 Version-
CiscoVedge 5000 Firmware Version >= 20.6 < 20.6.1
   CiscoVedge 5000 Version-
CiscoVedge Cloud Firmware Version >= 18.4 < 20.4.2
   CiscoVedge Cloud Version-
CiscoVedge Cloud Firmware Version >= 20.5 < 20.5.2
   CiscoVedge Cloud Version-
CiscoVedge Cloud Firmware Version >= 20.6 < 20.6.1
   CiscoVedge Cloud Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.326
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
psirt@cisco.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.