ID

VAR-202109-0385


CVE

CVE-2021-1546


TITLE

SD-WAN Software error message information disclosure vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-012516

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. SD-WAN Software contains an information disclosure vulnerability through an error message. Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374600 // VULMON: CVE-2021-1546

AFFECTED PRODUCTS

vendor: cisco | model: catalyst sd-wan manager | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vedge 100wm | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vedge 100wm | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: sd-wan vbond orchestrator | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: vsmart controller | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: vedge 100 | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: vedge 2000 | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vsmart controller | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vedge 2000 | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: sd-wan vmanage | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: vedge 100wm | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: vedge cloud | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: vedge 5000 | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vedge cloud | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vedge 5000 | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vedge cloud | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: vedge 100 | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: vedge 100m | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: sd-wan vbond orchestrator | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: vedge 5000 | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: vedge 100 | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: sd-wan vbond orchestrator | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vedge 100b | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: sd-wan vmanage | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: vedge 100 | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: sd-wan vbond orchestrator | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: vedge 1000 | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: vedge 5000 | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vedge 5000 | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: vedge 100b | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: vedge 2000 | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: vedge cloud | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: vedge 100 | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: vedge cloud | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: sd-wan vbond orchestrator | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: vedge 1000 | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: vedge 100b | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vedge 100 | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vedge 100m | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: sd-wan vbond orchestrator | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vedge 1000 | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vedge 100m | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vsmart controller | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: vedge 100m | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: vedge 2000 | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: vedge 100wm | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: vedge 100b | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vedge 100b | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: vedge 100m | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vedge 100m | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: vedge 100wm | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: vedge 1000 | scope: lt | version: 20.4.2

Trust: 1.0

vendor: cisco | model: vsmart controller | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: vedge 1000 | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: vedge 100wm | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vedge 100b | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: vedge 2000 | scope: lt | version: 20.5.2

Trust: 1.0

vendor: cisco | model: vsmart controller | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vedge 1000 | scope: gte | version: 18.4

Trust: 1.0

vendor: cisco | model: vedge 2000 | scope: lt | version: 20.6.1

Trust: 1.0

vendor: cisco | model: vsmart controller | scope: gte | version: 20.6

Trust: 1.0

vendor: cisco | model: vedge cloud | scope: gte | version: 20.5

Trust: 1.0

vendor: cisco | model: vedge 5000 | scope: gte | version: 20.5

Trust: 1.0

vendor: Cisco Systems | model: vsmart controller | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: vedge 1000 | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: cisco sd-wan vbond orchestrator | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: vedge 100 | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: vedge 100b | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: vedge 100wm | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: cisco sd-wan vmanage | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: vedge 2000 | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: vedge 5000 | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: vedge cloud | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: vedge 100m | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-012516 // NVD: CVE-2021-1546

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1546
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1546
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1546
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1579
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374600
value: LOW

Trust: 0.1

VULMON: CVE-2021-1546
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1546
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374600
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1546
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1546
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374600 // VULMON: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1579 // NVD: CVE-2021-1546 // NVD: CVE-2021-1546

PROBLEMTYPE DATA

problemtype:CWE-209

Trust: 1.1

problemtype:Information leakage due to error message (CWE-209) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-374600 // JVNDB: JVNDB-2021-012516 // NVD: CVE-2021-1546

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1579

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1579

PATCH

title: cisco-sa-sd-wan-Fhqh8pKX | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX

Trust: 0.8

title: Cisco Sd-Wan Software Security vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=163447

Trust: 0.6

title: Cisco: Cisco SD-WAN Software Information Disclosure Vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-Fhqh8pKX

Trust: 0.1

sources: VULMON: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202109-1579

EXTERNAL IDS

db: NVD | id: CVE-2021-1546

Trust: 3.4

db: JVNDB | id: JVNDB-2021-012516

Trust: 0.8

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT | id: ESB-2023.3475

Trust: 0.6

db: AUSCERT | id: ESB-2021.3182

Trust: 0.6

db: CS-HELP | id: SB2021092419

Trust: 0.6

db: CNNVD | id: CNNVD-202109-1579

Trust: 0.6

db: VULHUB | id: VHN-374600

Trust: 0.1

db: VULMON | id: CVE-2021-1546

Trust: 0.1

sources: VULHUB: VHN-374600 // VULMON: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1579 // NVD: CVE-2021-1546

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-fhqh8pkx

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1546

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092419

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3475

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3182

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-software-file-reading-via-cli-command-36529

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/209.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374600 // VULMON: CVE-2021-1546 // JVNDB: JVNDB-2021-012516 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1579 // NVD: CVE-2021-1546

SOURCES

db: VULHUB | id: VHN-374600
db: VULMON | id: CVE-2021-1546
db: JVNDB | id: JVNDB-2021-012516
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202109-1579
db: NVD | id: CVE-2021-1546

LAST UPDATE DATE

2024-08-14T12:56:48.062000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-374600 | date: 2021-09-30T00:00:00
db: VULMON | id: CVE-2021-1546 | date: 2021-09-30T00:00:00
db: JVNDB | id: JVNDB-2021-012516 | date: 2022-09-01T05:30:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202109-1579 | date: 2023-06-20T00:00:00
db: NVD | id: CVE-2021-1546 | date: 2023-11-07T03:28:35.463

SOURCES RELEASE DATE

db: VULHUB | id: VHN-374600 | date: 2021-09-23T00:00:00
db: VULMON | id: CVE-2021-1546 | date: 2021-09-23T00:00:00
db: JVNDB | id: JVNDB-2021-012516 | date: 2022-09-01T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202109-1579 | date: 2021-09-22T00:00:00
db: NVD | id: CVE-2021-1546 | date: 2021-09-23T03:15:11.183