ID

VAR-202101-1027


CVE

CVE-2021-1259


TITLE

Cisco SD-WAN vManage Software Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1606

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system. Cisco SD-WAN vManage Software is management software for Cisco's SD-WAN (Software Defined Wide Area Network) solutions.

Trust: 1.08

sources: NVD: CVE-2021-1259 // VULHUB: VHN-374313 // VULMON: CVE-2021-1259

AFFECTED PRODUCTS

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 18.2.0

Trust: 1.0

sources: NVD: CVE-2021-1259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1259
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1259
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202101-1606
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374313
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1259
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1259
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374313
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1259
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1259
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-374313 // VULMON: CVE-2021-1259 // CNNVD: CNNVD-202101-1606 // NVD: CVE-2021-1259 // NVD: CVE-2021-1259

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

sources: VULHUB: VHN-374313 // NVD: CVE-2021-1259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1606

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202101-1606

PATCH

title: Cisco SD-WAN vManage Software Repair measures for path traversal vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139859

Trust: 0.6

title: Cisco: Cisco SD-WAN vManage Software Path Traversal Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vman-pathtrav-Z5mCVsjf

Trust: 0.1

sources: VULMON: CVE-2021-1259 // CNNVD: CNNVD-202101-1606

EXTERNAL IDS

db: NVD, id: CVE-2021-1259

Trust: 1.8

db: CNNVD, id: CNNVD-202101-1606

Trust: 0.7

db: AUSCERT, id: ESB-2021.0244

Trust: 0.6

db: VULHUB, id: VHN-374313

Trust: 0.1

db: VULMON, id: CVE-2021-1259

Trust: 0.1

sources: VULHUB: VHN-374313 // VULMON: CVE-2021-1259 // CNNVD: CNNVD-202101-1606 // NVD: CVE-2021-1259

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vman-pathtrav-z5mcvsjf

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2021-1259

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.0244/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/195341

Trust: 0.1

sources: VULHUB: VHN-374313 // VULMON: CVE-2021-1259 // CNNVD: CNNVD-202101-1606 // NVD: CVE-2021-1259

SOURCES

db: VULHUB, id: VHN-374313
db: VULMON, id: CVE-2021-1259
db: CNNVD, id: CNNVD-202101-1606
db: NVD, id: CVE-2021-1259

LAST UPDATE DATE

2024-11-23T21:51:04.869000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374313, date: 2021-01-29T00:00:00
db: VULMON, id: CVE-2021-1259, date: 2021-01-29T00:00:00
db: CNNVD, id: CNNVD-202101-1606, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1259, date: 2024-11-21T05:43:56.873

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374313, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1259, date: 2021-01-20T00:00:00
db: CNNVD, id: CNNVD-202101-1606, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1259, date: 2021-01-20T20:15:14.503