CVE-2021-1235
Cisco SD-WAN vManage Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.
Una vulnerabilidad en la CLI del Software Cisco SD-WAN vManage, podría permitir a un atacante local autenticado leer archivos de bases de datos confidenciales en un sistema afectado. La vulnerabilidad es debido a una autorización de usuario insuficiente. Un atacante podría explotar esta vulnerabilidad mediante el acceso al vshell de un sistema afectado. Una explotación con éxito podría permitir al atacante leer archivos desde la base de datos del sistema de archivos del sistema operativo subyacente
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-11-13 CVE Reserved
- 2021-01-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Sd-wan Vmanage Search vendor "Cisco" for product "Sd-wan Vmanage" | < 19.2.3 Search vendor "Cisco" for product "Sd-wan Vmanage" and version " < 19.2.3" | - |
Affected
| ||||||