CVE-2021-1546 (GCVE-0-2021-1546)

Vulnerability from cvelistv5 – Published: 2021-09-23 02:30 – Updated: 2024-11-07 21:52
VLAI?
Summary
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
Assigner
References
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco SD-WAN Solution Affected: n/a
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210922 Cisco SD-WAN Software Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1546",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:40:31.262640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T21:52:24.763Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SD-WAN Solution",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-23T02:30:18",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210922 Cisco SD-WAN Software Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sd-wan-Fhqh8pKX",
        "defect": [
          [
            "CSCvx79335"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco SD-WAN Software Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-09-22T16:00:00",
          "ID": "CVE-2021-1546",
          "STATE": "PUBLIC",
          "TITLE": "Cisco SD-WAN Software Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SD-WAN Solution",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.5",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-209"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210922 Cisco SD-WAN Software Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-sd-wan-Fhqh8pKX",
          "defect": [
            [
              "CSCvx79335"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1546",
    "datePublished": "2021-09-23T02:30:18.696150Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T21:52:24.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"3A19C57E-75A5-47AA-94B7-A7ADC2CD7091\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"D860DAF6-2876-4F54-ACBF-B217E709BD7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"9F397362-BB17-4F5E-AFA3-B604A96C7BAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"15F9C222-75A1-44F8-A726-46CA77430D2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"F05A7552-5CFC-47EE-BA6B-98D423761369\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"DC5C7C68-74C1-4D7F-848B-16C8566C0F42\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"D99340DC-B83C-4F81-969F-C0A6E7CC4A54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"918ACCD9-0F3F-4EF3-8C0A-AE30F69BC8E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"6A923BEA-61C4-4A2E-A7DD-BB389FF661CB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF370668-127C-409B-83FE-293B830D4FB4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"F7887226-3051-4914-8B0E-5DF4296AB68E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"210F5970-F029-4E1F-97E4-0813F78CA88C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"99B58689-4FDF-4811-B1EE-584F777B696D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00AAB4DD-1C45-412F-84AA-C056A0BBFB9A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"F443A171-E27A-4173-BB09-77E0A1587CE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"047C57D1-C8B3-46F2-8B02-8467AF57D71A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"2FF65836-25C3-46C7-8989-9ABF3069D13F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F019975D-3A45-4522-9CB9-F4258C371DF6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"61682805-F527-473D-970A-B68053889AC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"B1ECE5A2-ED32-4453-A0FC-78A3D0D4F554\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"E3A99ECD-E6FE-4BF8-BE6D-22005B5E387A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0811E0B5-889E-451E-B754-A8FEE32BDFA2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"3E00BBD5-A34A-47EF-9BCA-7100D2282A72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"F42BACEF-31BE-4FEF-8BD3-8EC2D5A59194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"00A3ECC6-E30A-4611-9872-8C6133F4A0C6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36973815-F46D-4ADA-B9DF-BCB70AC60BD3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"449AC46F-BE53-4706-A448-83A848492637\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"42659BBF-8707-4DAC-8A5D-0E9DC10DD68F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"D9899709-00DD-4934-9A54-3FDB171C2E74\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"061A302C-8D35-4E80-93DA-916DA7E90C06\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"A27667C1-0EF2-419D-A216-83FBC3F5A61E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"6954D048-EE8D-4923-9F10-18FD941AF72A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"95ED1F5D-5573-4886-A875-10DD93AE495B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"140AF13E-4463-478B-AA94-97406A80CB86\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"FB95804D-0357-4F33-ABB2-AB04C34D3095\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"DAE58206-30C8-4734-B5BB-1FD631351F49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"BCB1732D-73DA-4125-A2FE-A79435B550AC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1356861D-E6CA-4973-9597-629507E8C07E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"18.4\", \"versionEndExcluding\": \"20.4.2\", \"matchCriteriaId\": \"56637DFC-FD0A-4714-9988-2DE80B3FB7BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.5\", \"versionEndExcluding\": \"20.5.2\", \"matchCriteriaId\": \"00C2DEED-5833-4E13-BBB3-5E5FE837979D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"20.6\", \"versionEndExcluding\": \"20.6.1\", \"matchCriteriaId\": \"6BF84BFB-E819-4C59-B16D-B00508218CE3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:vedge_cloud:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94999112-9EAA-4707-B002-F867D7628C49\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la CLI de Cisco SD-WAN Software podr\\u00eda permitir a un atacante local autenticado acceder a informaci\\u00f3n confidencial. Esta vulnerabilidad es debido a protecciones inapropiadas en el acceso a archivos mediante la CLI. Un atacante podr\\u00eda explotar esta vulnerabilidad al ejecutar un comando de la CLI que tenga como objetivo un archivo arbitrario en el sistema local. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante devolver porciones de un archivo arbitrario, posiblemente resultando en una divulgaci\\u00f3n de informaci\\u00f3n confidencial\"}]",
      "id": "CVE-2021-1546",
      "lastModified": "2024-11-21T05:44:35.523",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-09-23T03:15:11.183",
      "references": "[{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-209\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-209\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-1546\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2021-09-23T03:15:11.183\",\"lastModified\":\"2024-11-21T05:44:35.523\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la CLI de Cisco SD-WAN Software podr\u00eda permitir a un atacante local autenticado acceder a informaci\u00f3n confidencial. Esta vulnerabilidad es debido a protecciones inapropiadas en el acceso a archivos mediante la CLI. Un atacante podr\u00eda explotar esta vulnerabilidad al ejecutar un comando de la CLI que tenga como objetivo un archivo arbitrario en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante devolver porciones de un archivo arbitrario, posiblemente resultando en una divulgaci\u00f3n de informaci\u00f3n confidencial\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"3A19C57E-75A5-47AA-94B7-A7ADC2CD7091\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"D860DAF6-2876-4F54-ACBF-B217E709BD7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"9F397362-BB17-4F5E-AFA3-B604A96C7BAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"15F9C222-75A1-44F8-A726-46CA77430D2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"F05A7552-5CFC-47EE-BA6B-98D423761369\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"DC5C7C68-74C1-4D7F-848B-16C8566C0F42\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"D99340DC-B83C-4F81-969F-C0A6E7CC4A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"918ACCD9-0F3F-4EF3-8C0A-AE30F69BC8E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"6A923BEA-61C4-4A2E-A7DD-BB389FF661CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF370668-127C-409B-83FE-293B830D4FB4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"F7887226-3051-4914-8B0E-5DF4296AB68E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"210F5970-F029-4E1F-97E4-0813F78CA88C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"99B58689-4FDF-4811-B1EE-584F777B696D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00AAB4DD-1C45-412F-84AA-C056A0BBFB9A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"F443A171-E27A-4173-BB09-77E0A1587CE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"047C57D1-C8B3-46F2-8B02-8467AF57D71A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"2FF65836-25C3-46C7-8989-9ABF3069D13F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F019975D-3A45-4522-9CB9-F4258C371DF6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"61682805-F527-473D-970A-B68053889AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"B1ECE5A2-ED32-4453-A0FC-78A3D0D4F554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"E3A99ECD-E6FE-4BF8-BE6D-22005B5E387A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0811E0B5-889E-451E-B754-A8FEE32BDFA2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"3E00BBD5-A34A-47EF-9BCA-7100D2282A72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"F42BACEF-31BE-4FEF-8BD3-8EC2D5A59194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"00A3ECC6-E30A-4611-9872-8C6133F4A0C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36973815-F46D-4ADA-B9DF-BCB70AC60BD3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"449AC46F-BE53-4706-A448-83A848492637\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"42659BBF-8707-4DAC-8A5D-0E9DC10DD68F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"D9899709-00DD-4934-9A54-3FDB171C2E74\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"061A302C-8D35-4E80-93DA-916DA7E90C06\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"A27667C1-0EF2-419D-A216-83FBC3F5A61E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"6954D048-EE8D-4923-9F10-18FD941AF72A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"95ED1F5D-5573-4886-A875-10DD93AE495B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"140AF13E-4463-478B-AA94-97406A80CB86\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"FB95804D-0357-4F33-ABB2-AB04C34D3095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"DAE58206-30C8-4734-B5BB-1FD631351F49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"BCB1732D-73DA-4125-A2FE-A79435B550AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1356861D-E6CA-4973-9597-629507E8C07E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.4\",\"versionEndExcluding\":\"20.4.2\",\"matchCriteriaId\":\"56637DFC-FD0A-4714-9988-2DE80B3FB7BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.5\",\"versionEndExcluding\":\"20.5.2\",\"matchCriteriaId\":\"00C2DEED-5833-4E13-BBB3-5E5FE837979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.6\",\"versionEndExcluding\":\"20.6.1\",\"matchCriteriaId\":\"6BF84BFB-E819-4C59-B16D-B00508218CE3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:vedge_cloud:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94999112-9EAA-4707-B002-F867D7628C49\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Cisco SD-WAN Solution\", \"vendor\": \"Cisco\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2021-09-22T00:00:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"NONE\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-209\", \"description\": \"CWE-209\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2021-09-23T02:30:18\", \"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\"}, \"references\": [{\"name\": \"20210922 Cisco SD-WAN Software Information Disclosure Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"], \"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX\"}], \"source\": {\"advisory\": \"cisco-sa-sd-wan-Fhqh8pKX\", \"defect\": [[\"CSCvx79335\"]], \"discovery\": \"INTERNAL\"}, \"title\": \"Cisco SD-WAN Software Information Disclosure Vulnerability\", \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2021-09-22T16:00:00\", \"ID\": \"CVE-2021-1546\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco SD-WAN Software Information Disclosure Vulnerability\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Cisco SD-WAN Solution\", \"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.\"}]}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"impact\": {\"cvss\": {\"baseScore\": \"5.5\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"version\": \"3.0\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-209\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"20210922 Cisco SD-WAN Software Information Disclosure Vulnerability\", \"refsource\": \"CISCO\", \"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX\"}]}, \"source\": {\"advisory\": \"cisco-sa-sd-wan-Fhqh8pKX\", \"defect\": [[\"CSCvx79335\"]], \"discovery\": \"INTERNAL\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T16:11:17.658Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"20210922 Cisco SD-WAN Software Information Disclosure Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"], \"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-1546\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-07T21:40:31.262640Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-07T21:41:19.383Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"assignerShortName\": \"cisco\", \"cveId\": \"CVE-2021-1546\", \"datePublished\": \"2021-09-23T02:30:18.696150Z\", \"dateReserved\": \"2020-11-13T00:00:00\", \"dateUpdated\": \"2024-11-07T21:52:24.763Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.