Details of VAR-202101-1064

ID

VAR-202101-1064

CVE

CVE-2021-1233

TITLE

Cisco SD-WAN Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-002624

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device. Cisco SD-WAN There are unspecified vulnerabilities in the software.Information may be obtained. Cisco SD-WAN vEdge is a router from Cisco of the United States. This device can provide basic WAN, security and multi-cloud functions for Cisco SD-WAN solutions. Cisco SD-WAN vManage is a software provided by Cisco in the United States that provides software-defined network functions. This software is a way of network virtualization. Cisco SD-WAN Software versions prior to 18.4.3 have information disclosure vulnerabilities

Trust: 2.34

sources: NVD: CVE-2021-1233 // JVNDB: JVNDB-2021-002624 // CNVD: CNVD-2021-09304 // VULHUB: VHN-374287 // VULMON: CVE-2021-1233

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-09304

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	lt	version:	18.4.3	Trust: 1.6
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-09304 // JVNDB: JVNDB-2021-002624 // NVD: CVE-2021-1233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1233
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1233
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1233
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-09304
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202101-1518
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374287
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1233
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1233
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-09304
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-374287
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2021-1233
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-1233
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-09304 // VULHUB: VHN-374287 // VULMON: CVE-2021-1233 // JVNDB: JVNDB-2021-002624 // CNNVD: CNNVD-202101-1518 // NVD: CVE-2021-1233 // NVD: CVE-2021-1233

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374287 // JVNDB: JVNDB-2021-002624 // NVD: CVE-2021-1233

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1518

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1518

PATCH

title:	cisco-sa-sdwan-infodis-2-UPO232DG	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG	Trust: 0.8
title:	Patch for Cisco SD-WAN Software information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/247216	Trust: 0.6
title:	Multiple Cisco SD-WAN Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139782	Trust: 0.6
title:	Cisco: Cisco SD-WAN Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-infodis-2-UPO232DG	Trust: 0.1

sources: CNVD: CNVD-2021-09304 // VULMON: CVE-2021-1233 // JVNDB: JVNDB-2021-002624 // CNNVD: CNNVD-202101-1518

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1233	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-002624	Trust: 0.8
db:	CNVD	id:	CNVD-2021-09304	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0241	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1518	Trust: 0.6
db:	VULHUB	id:	VHN-374287	Trust: 0.1
db:	VULMON	id:	CVE-2021-1233	Trust: 0.1

sources: CNVD: CNVD-2021-09304 // VULHUB: VHN-374287 // VULMON: CVE-2021-1233 // JVNDB: JVNDB-2021-002624 // CNNVD: CNNVD-202101-1518 // NVD: CVE-2021-1233

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-infodis-2-upo232dg	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1233	Trust: 2.0
url:	https://www.auscert.org.au/bulletins/esb-2021.0241/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-information-disclosure-via-iperf-tool-34397	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195332	Trust: 0.1

sources: CNVD: CNVD-2021-09304 // VULHUB: VHN-374287 // VULMON: CVE-2021-1233 // JVNDB: JVNDB-2021-002624 // CNNVD: CNNVD-202101-1518 // NVD: CVE-2021-1233

SOURCES

db:	CNVD	id:	CNVD-2021-09304
db:	VULHUB	id:	VHN-374287
db:	VULMON	id:	CVE-2021-1233
db:	JVNDB	id:	JVNDB-2021-002624
db:	CNNVD	id:	CNNVD-202101-1518
db:	NVD	id:	CVE-2021-1233

LAST UPDATE DATE

2024-08-14T13:23:53.704000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-09304	date:	2021-02-05T00:00:00
db:	VULHUB	id:	VHN-374287	date:	2021-01-27T00:00:00
db:	VULMON	id:	CVE-2021-1233	date:	2021-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-002624	date:	2021-09-27T09:06:00
db:	CNNVD	id:	CNNVD-202101-1518	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-1233	date:	2023-10-06T16:24:48.993

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-09304	date:	2021-02-05T00:00:00
db:	VULHUB	id:	VHN-374287	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1233	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002624	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1518	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1233	date:	2021-01-20T21:15:11.943