Details of VAR-202106-0902

ID

VAR-202106-0902

CVE

CVE-2021-1528

TITLE

Cisco SD-WAN Unnecessary privileged execution vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-007750

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user. Cisco SD-WAN The software contains a vulnerability in execution with unnecessary privileges.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN Solution is a set of network expansion solutions of Cisco (Cisco)

Trust: 2.25

sources: NVD: CVE-2021-1528 // JVNDB: JVNDB-2021-007750 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374582

AFFECTED PRODUCTS

vendor:	cisco	model:	vedge 100wm	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	gte	version:	20.5	Trust: 1.0
vendor:	シスコシステムズ	model:	vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 2000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 5000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 1000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100wm	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100m	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100b	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007750 // NVD: CVE-2021-1528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1528
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1528
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1528
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-122
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374582
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1528
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374582
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1528
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1528
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374582 // JVNDB: JVNDB-2021-007750 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-122 // NVD: CVE-2021-1528 // NVD: CVE-2021-1528

PROBLEMTYPE DATA

problemtype:	CWE-250	Trust: 1.1
problemtype:	Execution with unnecessary privileges (CWE-250) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374582 // JVNDB: JVNDB-2021-007750 // NVD: CVE-2021-1528

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-122

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-122

PATCH

title:

cisco-sa-sd-wan-fuErCWwF

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-fuErCWwF

Trust: 0.8

sources: JVNDB: JVNDB-2021-007750

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1528	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-007750	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060305	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1905	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-122	Trust: 0.6
db:	VULHUB	id:	VHN-374582	Trust: 0.1

sources: VULHUB: VHN-374582 // JVNDB: JVNDB-2021-007750 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-122 // NVD: CVE-2021-1528

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-fuercwwf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1528	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1905	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060305	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-software-privilege-escalation-via-privileged-processes-35594	Trust: 0.6

sources: VULHUB: VHN-374582 // JVNDB: JVNDB-2021-007750 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-122 // NVD: CVE-2021-1528

SOURCES

db:	VULHUB	id:	VHN-374582
db:	JVNDB	id:	JVNDB-2021-007750
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-122
db:	NVD	id:	CVE-2021-1528

LAST UPDATE DATE

2024-08-14T12:19:18.395000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374582	date:	2021-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-007750	date:	2022-02-22T07:06:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-122	date:	2021-06-15T00:00:00
db:	NVD	id:	CVE-2021-1528	date:	2023-11-07T03:28:32.447

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374582	date:	2021-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-007750	date:	2022-02-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-122	date:	2021-06-02T00:00:00
db:	NVD	id:	CVE-2021-1528	date:	2021-06-04T17:15:09.020