Details of VAR-202109-0242

ID

VAR-202109-0242

CVE

CVE-2021-1612

TITLE

Cisco IOS XE SD-WAN software CLI Link interpretation vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012518

DESCRIPTION

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1612 // JVNDB: JVNDB-2021-012518 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374666 // VULMON: CVE-2021-1612

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	lt	version:	17.3.4	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-012518 // NVD: CVE-2021-1612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1612
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1612
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1612
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1552
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374666
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1612
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1612
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374666
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1612
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1612
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1612
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374666 // VULMON: CVE-2021-1612 // JVNDB: JVNDB-2021-012518 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1552 // NVD: CVE-2021-1612 // NVD: CVE-2021-1612

PROBLEMTYPE DATA

problemtype:	CWE-59	Trust: 1.1
problemtype:	CWE-61	Trust: 1.0
problemtype:	Link interpretation problem (CWE-59) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374666 // JVNDB: JVNDB-2021-012518 // NVD: CVE-2021-1612

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1552

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-sd-wan-GjR5pGOm	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-GjR5pGOm	Trust: 0.8
title:	Cisco IOS XE SD-WAN Software Post-link vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164738	Trust: 0.6

sources: JVNDB: JVNDB-2021-012518 // CNNVD: CNNVD-202109-1552

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1612	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-012518	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021092420	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3179	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1552	Trust: 0.6
db:	VULHUB	id:	VHN-374666	Trust: 0.1
db:	VULMON	id:	CVE-2021-1612	Trust: 0.1

sources: VULHUB: VHN-374666 // VULMON: CVE-2021-1612 // JVNDB: JVNDB-2021-012518 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1552 // NVD: CVE-2021-1612

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-gjr5pgom	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1612	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-sd-wan-software-file-write-via-cli-36509	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3179	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092420	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/59.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374666 // VULMON: CVE-2021-1612 // JVNDB: JVNDB-2021-012518 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1552 // NVD: CVE-2021-1612

SOURCES

db:	VULHUB	id:	VHN-374666
db:	VULMON	id:	CVE-2021-1612
db:	JVNDB	id:	JVNDB-2021-012518
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-1552
db:	NVD	id:	CVE-2021-1612

LAST UPDATE DATE

2024-08-14T13:09:25.146000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374666	date:	2021-09-30T00:00:00
db:	VULMON	id:	CVE-2021-1612	date:	2021-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-012518	date:	2022-09-01T05:30:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-1552	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2021-1612	date:	2023-11-07T03:28:47.080

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374666	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2021-1612	date:	2021-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-012518	date:	2022-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-1552	date:	2021-09-22T00:00:00
db:	NVD	id:	CVE-2021-1612	date:	2021-09-23T03:15:12.270