Details of VAR-202109-0385

ID

VAR-202109-0385

CVE

CVE-2021-1546

TITLE

SD-WAN Software error message information disclosure vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-012516

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. SD-WAN The software contains an information disclosure vulnerability through an error message.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374600 // VULMON: CVE-2021-1546

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	gte	version:	20.5	Trust: 1.0
vendor:	シスコシステムズ	model:	vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 1000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100b	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100wm	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 2000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 5000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge cloud	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100m	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-012516 // NVD: CVE-2021-1546

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1546
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1546
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1546
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1579
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374600
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1546
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1546
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374600
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1546
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1546
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374600 // VULMON: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1579 // NVD: CVE-2021-1546 // NVD: CVE-2021-1546

PROBLEMTYPE DATA

problemtype:	CWE-209	Trust: 1.1
problemtype:	Information leakage due to error message (CWE-209) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374600 // JVNDB: JVNDB-2021-012516 // NVD: CVE-2021-1546

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1579

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1579

PATCH

title:	cisco-sa-sd-wan-Fhqh8pKX	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX	Trust: 0.8
title:	Cisco Sd-Wan Software Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=163447	Trust: 0.6
title:	Cisco: Cisco SD-WAN Software Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-Fhqh8pKX	Trust: 0.1

sources: VULMON: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202109-1579

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1546	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-012516	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3475	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3182	Trust: 0.6
db:	CS-HELP	id:	SB2021092419	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1579	Trust: 0.6
db:	VULHUB	id:	VHN-374600	Trust: 0.1
db:	VULMON	id:	CVE-2021-1546	Trust: 0.1

sources: VULHUB: VHN-374600 // VULMON: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1579 // NVD: CVE-2021-1546

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-fhqh8pkx	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1546	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092419	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3475	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3182	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-software-file-reading-via-cli-command-36529	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/209.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374600 // VULMON: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1579 // NVD: CVE-2021-1546

SOURCES

db:	VULHUB	id:	VHN-374600
db:	VULMON	id:	CVE-2021-1546
db:	JVNDB	id:	JVNDB-2021-012516
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-1579
db:	NVD	id:	CVE-2021-1546

LAST UPDATE DATE

2024-08-14T12:56:48.062000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374600	date:	2021-09-30T00:00:00
db:	VULMON	id:	CVE-2021-1546	date:	2021-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-012516	date:	2022-09-01T05:30:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-1579	date:	2023-06-20T00:00:00
db:	NVD	id:	CVE-2021-1546	date:	2023-11-07T03:28:35.463

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374600	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2021-1546	date:	2021-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-012516	date:	2022-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-1579	date:	2021-09-22T00:00:00
db:	NVD	id:	CVE-2021-1546	date:	2021-09-23T03:15:11.183