Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1235

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.

Published

2021-01-20T21:15:12.020

Last Modified

2024-11-21T05:43:53.643

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-497

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	sd-wan_vmanage	< 19.2.3	Yes

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vinfdis-MC8L58dj Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vinfdis-MC8L58dj Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)