Skip to main content

Sd Wan Vmanage CVE-2021-1235

MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2021-01-20 psirt@cisco.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 20, 2021 - 21:15 nvd
MEDIUM 5.5

DescriptionNVD

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.

AnalysisAI

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-497. A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system. Affected products include: Cisco Sd-Wan Vmanage.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-1468 CRITICAL
9.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1479 CRITICAL
9.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2023-20214 CRITICAL
9.1 Aug 03

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow a

CVE-2021-1225 CRITICAL
9.1 Jan 20

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthent

CVE-2022-20696 HIGH
8.8 Sep 08

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated,

CVE-2021-1508 HIGH
8.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1505 HIGH
8.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1284 HIGH
8.8 May 06

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthentic

CVE-2022-20818 HIGH
7.8 Sep 30

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevat

CVE-2021-1514 HIGH
7.8 May 06

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary com

CVE-2021-1480 HIGH
7.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1137 HIGH
7.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

Share

CVE-2021-1235 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy