ID

VAR-202105-0640


CVE

CVE-2021-1512


TITLE

Cisco SD-WAN  Software vulnerabilities to externally accessible files or directories

Trust: 0.8

sources: JVNDB: JVNDB-2021-006516

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage is a software from Cisco that provides software-defined network functions. The software is a form of network virtualization

Trust: 2.34

sources: NVD: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374566 // VULMON: CVE-2021-1512

AFFECTED PRODUCTS

vendor:ciscomodel:vedge 5000scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:19.2

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:gteversion:20.1

Trust: 1.0

vendor:ciscomodel:vedge 100scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:vsmart controllerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge cloudscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:vedge 100wmscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:ltversion:18.4.6

Trust: 1.0

vendor:ciscomodel:vedge 2000scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:ltversion:20.1.2

Trust: 1.0

vendor:ciscomodel:vedge-100bscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:vedge 1000scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.4.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.3

Trust: 1.0

vendor:ciscomodel:vedge 100bscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:vedge 100mscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:19.2.3

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.3.1

Trust: 1.0

vendor:シスコシステムズmodel:vedge 100wmscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 100scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 100mscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 100bscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 2000scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vsmart controllerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 5000scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vbond orchestratorscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 1000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006516 // NVD: CVE-2021-1512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1512
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1512
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1512
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-142
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374566
value: LOW

Trust: 0.1

VULMON: CVE-2021-1512
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1512
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374566
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1512
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1512
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2021-1512
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374566 // VULMON: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-142 // NVD: CVE-2021-1512 // NVD: CVE-2021-1512

PROBLEMTYPE DATA

problemtype:CWE-552

Trust: 1.1

problemtype:Externally accessible file or directory (CWE-552) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374566 // JVNDB: JVNDB-2021-006516 // NVD: CVE-2021-1512

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-142

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-142

PATCH

title:cisco-sa-sdwan-arbfile-7Qhd9mCnurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn

Trust: 0.8

title:Cisco SD-WAN Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150533

Trust: 0.6

title:Cisco: Cisco SD-WAN Software Arbitrary File Corruption Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-arbfile-7Qhd9mCn

Trust: 0.1

sources: VULMON: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202105-142

EXTERNAL IDS

db:NVDid:CVE-2021-1512

Trust: 3.4

db:JVNDBid:JVNDB-2021-006516

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.1535

Trust: 0.6

db:CS-HELPid:SB2021050619

Trust: 0.6

db:CNNVDid:CNNVD-202105-142

Trust: 0.6

db:VULHUBid:VHN-374566

Trust: 0.1

db:VULMONid:CVE-2021-1512

Trust: 0.1

sources: VULHUB: VHN-374566 // VULMON: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-142 // NVD: CVE-2021-1512

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-arbfile-7qhd9mcn

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1512

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-file-corruption-via-cli-35266

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1535

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050619

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/552.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374566 // VULMON: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-142 // NVD: CVE-2021-1512

SOURCES

db:VULHUBid:VHN-374566
db:VULMONid:CVE-2021-1512
db:JVNDBid:JVNDB-2021-006516
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202105-142
db:NVDid:CVE-2021-1512

LAST UPDATE DATE

2024-08-14T12:44:52.997000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374566date:2021-08-27T00:00:00
db:VULMONid:CVE-2021-1512date:2021-05-13T00:00:00
db:JVNDBid:JVNDB-2021-006516date:2022-01-11T08:26:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202105-142date:2021-05-14T00:00:00
db:NVDid:CVE-2021-1512date:2023-10-16T16:35:25.220

SOURCES RELEASE DATE

db:VULHUBid:VHN-374566date:2021-05-06T00:00:00
db:VULMONid:CVE-2021-1512date:2021-05-06T00:00:00
db:JVNDBid:JVNDB-2021-006516date:2022-01-11T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202105-142date:2021-05-05T00:00:00
db:NVDid:CVE-2021-1512date:2021-05-06T13:15:10.817