Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2021-1512

Published

2 years ago

Last Modified

6 months ago

CVSSv2.0 Severity

Low

CVSSv3.1 Severity

Medium

Impact Analysis

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system..

CVSSv2.0 Score

Severity: Low
Base Score: 3.6/10
Exploit Score: 3.9/10
Access Vector: Local
Access Complexity: Low
Authentication Required: None
Impact Score: 4.9/10
Confidentiality Impact: None
Availability Impact: Partial
Integrity Impact: Partial

CVSSv3.1 Score

Severity: Medium
Base Score: 6/10
Exploit Score: 0.8/10
Access Vector: Local
Access Complexity: Low
Privileges Required: High
Impact Score: 5.2/10
Confidentiality Impact: None
Availability Impact: High
Integrity Impact: High
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:::::::*	Yes	-	-
cpe:2.3:a:cisco:sd-wan_vmanage::::::::	Yes	-	18.4.6
cpe:2.3:a:cisco:sd-wan_vmanage::::::::	Yes	20.1	20.1.2
cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::	Yes	20.4	20.4.1
cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::	Yes	19.2	19.2.3
cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::	Yes	20.3	20.3.1
cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::	Yes	20.5	20.5.1

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arb