Details of VAR-202105-0640

ID

VAR-202105-0640

CVE

CVE-2021-1512

TITLE

Cisco SD-WAN Software vulnerabilities to externally accessible files or directories

Trust: 0.8

sources: JVNDB: JVNDB-2021-006516

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage is a software from Cisco that provides software-defined network functions. The software is a form of network virtualization

Trust: 2.34

sources: NVD: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374566 // VULMON: CVE-2021-1512

AFFECTED PRODUCTS

vendor:	cisco	model:	vedge 5000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	19.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	18.4.6	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.1.2	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	19.2.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	シスコシステムズ	model:	vedge 100wm	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100m	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100b	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 2000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 5000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 1000	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006516 // NVD: CVE-2021-1512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1512
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1512
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1512
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-142
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374566
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1512
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1512
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374566
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1512
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1512
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	CVE-2021-1512
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374566 // VULMON: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-142 // NVD: CVE-2021-1512 // NVD: CVE-2021-1512

PROBLEMTYPE DATA

problemtype:	CWE-552	Trust: 1.1
problemtype:	Externally accessible file or directory (CWE-552) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374566 // JVNDB: JVNDB-2021-006516 // NVD: CVE-2021-1512

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-142

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-142

PATCH

title:	cisco-sa-sdwan-arbfile-7Qhd9mCn	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn	Trust: 0.8
title:	Cisco SD-WAN Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150533	Trust: 0.6
title:	Cisco: Cisco SD-WAN Software Arbitrary File Corruption Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-arbfile-7Qhd9mCn	Trust: 0.1

sources: VULMON: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202105-142

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1512	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-006516	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1535	Trust: 0.6
db:	CS-HELP	id:	SB2021050619	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-142	Trust: 0.6
db:	VULHUB	id:	VHN-374566	Trust: 0.1
db:	VULMON	id:	CVE-2021-1512	Trust: 0.1

sources: VULHUB: VHN-374566 // VULMON: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-142 // NVD: CVE-2021-1512

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-arbfile-7qhd9mcn	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1512	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-file-corruption-via-cli-35266	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1535	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050619	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/552.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374566 // VULMON: CVE-2021-1512 // JVNDB: JVNDB-2021-006516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-142 // NVD: CVE-2021-1512

SOURCES

db:	VULHUB	id:	VHN-374566
db:	VULMON	id:	CVE-2021-1512
db:	JVNDB	id:	JVNDB-2021-006516
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-142
db:	NVD	id:	CVE-2021-1512

LAST UPDATE DATE

2024-08-14T12:44:52.997000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374566	date:	2021-08-27T00:00:00
db:	VULMON	id:	CVE-2021-1512	date:	2021-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-006516	date:	2022-01-11T08:26:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-142	date:	2021-05-14T00:00:00
db:	NVD	id:	CVE-2021-1512	date:	2023-10-16T16:35:25.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374566	date:	2021-05-06T00:00:00
db:	VULMON	id:	CVE-2021-1512	date:	2021-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-006516	date:	2022-01-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-142	date:	2021-05-05T00:00:00
db:	NVD	id:	CVE-2021-1512	date:	2021-05-06T13:15:10.817