ID

VAR-202106-0902


CVE

CVE-2021-1528


TITLE

Cisco SD-WAN  Unnecessary privileged execution vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-007750

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user. Cisco SD-WAN The software contains a vulnerability in execution with unnecessary privileges.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN Solution is a set of network expansion solutions of Cisco (Cisco)

Trust: 2.25

sources: NVD: CVE-2021-1528 // JVNDB: JVNDB-2021-007750 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374582

AFFECTED PRODUCTS

vendor:ciscomodel:vedge 100wmscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge 100wmscope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:vsmart controllerscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:vedge 100bscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:vedge 100scope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:vedge 1000scope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:vedge 2000scope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:vedge 100mscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vsmart controllerscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:vedge cloudscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge 100wmscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:vedge 5000scope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge 100mscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:vedge 100bscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:vedge 100scope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge 2000scope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge 1000scope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:vedge 5000scope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:vedge cloudscope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:vsmart controllerscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge 100scope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:vedge 100mscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge 2000scope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:vedge 100bscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge 100wmscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:vedge 5000scope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:vsmart controllerscope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:vedge 100bscope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:vedge 100mscope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:vedge cloudscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:vedge 1000scope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge 1000scope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:vedge 100scope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:vedge 2000scope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:vedge cloudscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:vedge 5000scope:gteversion:20.5

Trust: 1.0

vendor:シスコシステムズmodel:vsmart controllerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 2000scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 5000scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 1000scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 100wmscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 100mscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vbond orchestratorscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 100bscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:vedge 100scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007750 // NVD: CVE-2021-1528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1528
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1528
value: HIGH

Trust: 1.0

NVD: CVE-2021-1528
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-122
value: HIGH

Trust: 0.6

VULHUB: VHN-374582
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1528
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374582
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1528
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1528
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374582 // JVNDB: JVNDB-2021-007750 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-122 // NVD: CVE-2021-1528 // NVD: CVE-2021-1528

PROBLEMTYPE DATA

problemtype:CWE-250

Trust: 1.1

problemtype:Execution with unnecessary privileges (CWE-250) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374582 // JVNDB: JVNDB-2021-007750 // NVD: CVE-2021-1528

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-122

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-122

PATCH

title:cisco-sa-sd-wan-fuErCWwFurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-fuErCWwF

Trust: 0.8

sources: JVNDB: JVNDB-2021-007750

EXTERNAL IDS

db:NVDid:CVE-2021-1528

Trust: 3.3

db:JVNDBid:JVNDB-2021-007750

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021060305

Trust: 0.6

db:AUSCERTid:ESB-2021.1905

Trust: 0.6

db:CNNVDid:CNNVD-202106-122

Trust: 0.6

db:VULHUBid:VHN-374582

Trust: 0.1

sources: VULHUB: VHN-374582 // JVNDB: JVNDB-2021-007750 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-122 // NVD: CVE-2021-1528

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-fuercwwf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-1528

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1905

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060305

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-software-privilege-escalation-via-privileged-processes-35594

Trust: 0.6

sources: VULHUB: VHN-374582 // JVNDB: JVNDB-2021-007750 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-122 // NVD: CVE-2021-1528

SOURCES

db:VULHUBid:VHN-374582
db:JVNDBid:JVNDB-2021-007750
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-122
db:NVDid:CVE-2021-1528

LAST UPDATE DATE

2024-08-14T12:19:18.395000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374582date:2021-06-14T00:00:00
db:JVNDBid:JVNDB-2021-007750date:2022-02-22T07:06:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-122date:2021-06-15T00:00:00
db:NVDid:CVE-2021-1528date:2023-11-07T03:28:32.447

SOURCES RELEASE DATE

db:VULHUBid:VHN-374582date:2021-06-04T00:00:00
db:JVNDBid:JVNDB-2021-007750date:2022-02-22T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-122date:2021-06-02T00:00:00
db:NVDid:CVE-2021-1528date:2021-06-04T17:15:09.020