Sign-up

ID

VAR-202109-0615


CVE

CVE-2021-34726


TITLE

Cisco SD-WAN Operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202109-1578

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-34726 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394968 // VULMON: CVE-2021-34726

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:ltversion:20.1.2

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:19.2.3

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.3.1

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.1

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:18.4.6

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.3

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.4.1

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:19.2.0

Trust: 1.0

sources: NVD: CVE-2021-34726

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34726
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34726
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202109-1578
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-394968
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-34726
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-394968
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34726
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34726
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-394968 // CNNVD: CNNVD-202109-1578 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34726 // NVD: CVE-2021-34726

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 1.0

sources: VULHUB: VHN-394968 // NVD: CVE-2021-34726

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1578

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202109-1578

PATCH

title:Cisco Sd-Wan Software Fixes for command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=163446

Trust: 0.6

sources: CNNVD: CNNVD-202109-1578

EXTERNAL IDS

db:NVDid:CVE-2021-34726

Trust: 1.8

db:CS-HELPid:SB2021092423

Trust: 0.6

db:AUSCERTid:ESB-2021.3182

Trust: 0.6

db:CNNVDid:CNNVD-202109-1578

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:VULHUBid:VHN-394968

Trust: 0.1

db:VULMONid:CVE-2021-34726

Trust: 0.1

sources: VULHUB: VHN-394968 // VULMON: CVE-2021-34726 // CNNVD: CNNVD-202109-1578 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34726

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-maapi-cmdinjec-znuytuc

Trust: 2.4

url:https://vigilance.fr/vulnerability/cisco-sd-wan-software-privilege-escalation-via-command-injection-36510

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092423

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3182

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-394968 // VULMON: CVE-2021-34726 // CNNVD: CNNVD-202109-1578 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34726

SOURCES

db:VULHUBid:VHN-394968
db:VULMONid:CVE-2021-34726
db:CNNVDid:CNNVD-202109-1578
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2021-34726

LAST UPDATE DATE

2024-08-14T12:34:06.163000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-394968date:2022-10-24T00:00:00
db:VULMONid:CVE-2021-34726date:2021-09-23T00:00:00
db:CNNVDid:CNNVD-202109-1578date:2022-10-25T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2021-34726date:2022-10-24T14:25:01.193

SOURCES RELEASE DATE

db:VULHUBid:VHN-394968date:2021-09-23T00:00:00
db:VULMONid:CVE-2021-34726date:2021-09-23T00:00:00
db:CNNVDid:CNNVD-202109-1578date:2021-09-22T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2021-34726date:2021-09-23T03:15:19.320