Details of VAR-202101-1065

ID

VAR-202101-1065

CVE

CVE-2021-1235

TITLE

Cisco SD-WAN vManage Vulnerability in software leakage of important information to unauthorized control area

Trust: 0.8

sources: JVNDB: JVNDB-2021-002625

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system. Cisco SD-WAN vManage The software contains a vulnerability related to the leakage of important information to an unauthorized control area.Information may be obtained. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 1.8

sources: NVD: CVE-2021-1235 // JVNDB: JVNDB-2021-002625 // VULHUB: VHN-374289 // VULMON: CVE-2021-1235

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	19.2.3	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002625 // NVD: CVE-2021-1235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1235
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1235
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1235
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-1515
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374289
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1235
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1235
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374289
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2021-1235
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-1235
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374289 // VULMON: CVE-2021-1235 // JVNDB: JVNDB-2021-002625 // CNNVD: CNNVD-202101-1515 // NVD: CVE-2021-1235 // NVD: CVE-2021-1235

PROBLEMTYPE DATA

problemtype:	CWE-497	Trust: 1.1
problemtype:	Leakage of important information to unauthorized control areas (CWE-497) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374289 // JVNDB: JVNDB-2021-002625 // NVD: CVE-2021-1235

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1515

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1515

PATCH

title:	cisco-sa-sdwan-vinfdis-MC8L58dj	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vinfdis-MC8L58dj	Trust: 0.8
title:	Cisco SD-WAN vManage Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139779	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-vinfdis-MC8L58dj	Trust: 0.1

sources: VULMON: CVE-2021-1235 // JVNDB: JVNDB-2021-002625 // CNNVD: CNNVD-202101-1515

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1235	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-002625	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0244	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1515	Trust: 0.6
db:	VULHUB	id:	VHN-374289	Trust: 0.1
db:	VULMON	id:	CVE-2021-1235	Trust: 0.1

sources: VULHUB: VHN-374289 // VULMON: CVE-2021-1235 // JVNDB: JVNDB-2021-002625 // CNNVD: CNNVD-202101-1515 // NVD: CVE-2021-1235

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vinfdis-mc8l58dj	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1235	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0244/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/497.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374289 // VULMON: CVE-2021-1235 // JVNDB: JVNDB-2021-002625 // CNNVD: CNNVD-202101-1515 // NVD: CVE-2021-1235

SOURCES

db:	VULHUB	id:	VHN-374289
db:	VULMON	id:	CVE-2021-1235
db:	JVNDB	id:	JVNDB-2021-002625
db:	CNNVD	id:	CNNVD-202101-1515
db:	NVD	id:	CVE-2021-1235

LAST UPDATE DATE

2024-08-14T13:54:17.817000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374289	date:	2021-01-27T00:00:00
db:	VULMON	id:	CVE-2021-1235	date:	2021-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-002625	date:	2021-09-27T09:06:00
db:	CNNVD	id:	CNNVD-202101-1515	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-1235	date:	2021-01-27T20:47:20.633

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374289	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1235	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002625	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1515	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1235	date:	2021-01-20T21:15:12.020