ID
VAR-202103-0774
CVE
CVE-2021-1436
TITLE
Cisco IOS XE SD-WAN Traversal Vulnerability in Japan
Trust: 0.8
sources:
JVNDB: JVNDB-2021-004763
DESCRIPTION
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. Cisco IOS XE SD-WAN Contains a path traversal vulnerability.Information may be obtained
Trust: 1.8
sources:
NVD: CVE-2021-1436 //
JVNDB: JVNDB-2021-004763 //
VULHUB: VHN-374490 //
VULMON: CVE-2021-1436
AFFECTED PRODUCTS
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1z | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.11.1b | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.2t | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1y | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.3a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.2.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.1.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1t | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1za | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.1.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.11.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.11.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.2a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.1.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.15.2xbs | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1w | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.1.1s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.4a | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.2.1v | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.2.2 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.1.1t | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1x | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 3.15.1xbs | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.11.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.4 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.11.1c | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.2.1 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.11.1s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 17.2.1r | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.3 | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.3s | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.1c | Trust: 1.0 |
| vendor: | cisco | model: | ios xe | scope: | eq | version: | 16.12.2s | Trust: 1.0 |
| vendor: | シスコシステムズ | model: | cisco ios xe | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco ios xe | scope: | eq | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-004763 //
NVD: CVE-2021-1436
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-374490 //
VULMON: CVE-2021-1436 //
JVNDB: JVNDB-2021-004763 //
CNNVD: CNNVD-202103-1397 //
NVD: CVE-2021-1436 //
NVD: CVE-2021-1436
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.1 |
| problemtype: | Path traversal (CWE-22) [ Other ] | Trust: 0.8 |
sources:
VULHUB: VHN-374490 //
JVNDB: JVNDB-2021-004763 //
NVD: CVE-2021-1436
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-202103-1397
TYPE
path traversal
Trust: 0.6
sources:
CNNVD: CNNVD-202103-1397
PATCH
| title: | cisco-sa-iosxe-sdwpathtrav-nsrue2Mt | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwpathtrav-nsrue2Mt | Trust: 0.8 |
| title: | Cisco IOS XE SD-WAN Software Repair measures for path traversal vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145701 | Trust: 0.6 |
| title: | Cisco: Cisco IOS XE SD-WAN Software Path Traversal Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxe-sdwpathtrav-nsrue2Mt | Trust: 0.1 |
sources:
VULMON: CVE-2021-1436 //
JVNDB: JVNDB-2021-004763 //
CNNVD: CNNVD-202103-1397
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-1436 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2021-004763 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202103-1397 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-374490 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2021-1436 | Trust: 0.1 |
sources:
VULHUB: VHN-374490 //
VULMON: CVE-2021-1436 //
JVNDB: JVNDB-2021-004763 //
CNNVD: CNNVD-202103-1397 //
NVD: CVE-2021-1436
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-sdwpathtrav-nsrue2mt | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-1436 | Trust: 1.4 |
| url: | https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/22.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/198720 | Trust: 0.1 |
sources:
VULHUB: VHN-374490 //
VULMON: CVE-2021-1436 //
JVNDB: JVNDB-2021-004763 //
CNNVD: CNNVD-202103-1397 //
NVD: CVE-2021-1436
SOURCES
| db: | VULHUB | id: | VHN-374490 |
| db: | VULMON | id: | CVE-2021-1436 |
| db: | JVNDB | id: | JVNDB-2021-004763 |
| db: | CNNVD | id: | CNNVD-202103-1397 |
| db: | NVD | id: | CVE-2021-1436 |
LAST UPDATE DATE
2024-08-14T15:38:09.079000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-374490 | date: | 2021-03-29T00:00:00 |
| db: | VULMON | id: | CVE-2021-1436 | date: | 2021-03-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-004763 | date: | 2021-11-29T09:16:00 |
| db: | CNNVD | id: | CNNVD-202103-1397 | date: | 2021-03-30T00:00:00 |
| db: | NVD | id: | CVE-2021-1436 | date: | 2023-11-07T03:28:18.567 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-374490 | date: | 2021-03-24T00:00:00 |
| db: | VULMON | id: | CVE-2021-1436 | date: | 2021-03-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-004763 | date: | 2021-11-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-202103-1397 | date: | 2021-03-24T00:00:00 |
| db: | NVD | id: | CVE-2021-1436 | date: | 2021-03-24T20:15:14.820 |