Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1512

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system.

Published

2021-05-06T13:15:10.817

Last Modified

2024-11-21T05:44:31.073

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Primary
CWE-552

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	catalyst_sd-wan_manager	< 19.2.3	Yes
Application	cisco	catalyst_sd-wan_manager	< 20.3.1	Yes
Application	cisco	catalyst_sd-wan_manager	< 20.4.1	Yes
Application	cisco	catalyst_sd-wan_manager	< 20.5.1	Yes
Application	cisco	sd-wan_vbond_orchestrator	-	Yes
Application	cisco	sd-wan_vmanage	< 18.4.6	Yes
Application	cisco	sd-wan_vmanage	< 20.1.2	Yes
Operating System	cisco	vsmart_controller_firmware	-	Yes
Hardware	cisco	vsmart_controller	-	No
Operating System	cisco	vedge_100_firmware	-	Yes
Hardware	cisco	vedge_100	-	No
Operating System	cisco	vedge_1000_firmware	-	Yes
Hardware	cisco	vedge_1000	-	No
Operating System	cisco	vedge_100b_firmware	-	Yes
Hardware	cisco	vedge_100b	-	No
Operating System	cisco	vedge_100m_firmware	-	Yes
Hardware	cisco	vedge_100m	-	No
Operating System	cisco	vedge_100wm_firmware	-	Yes
Hardware	cisco	vedge_100wm	-	No
Operating System	cisco	vedge_2000_firmware	-	Yes
Hardware	cisco	vedge_2000	-	No
Operating System	cisco	vedge_5000_firmware	-	Yes
Hardware	cisco	vedge_5000	-	No
Operating System	cisco	vedge-100b_firmware	-	Yes
Hardware	cisco	vedge-100b	-	No
Operating System	cisco	vedge_cloud_firmware	-	Yes
Hardware	cisco	vedge_cloud	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)