CVE-2021-1438
Cisco Wide Area Application Services Software Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.
Una vulnerabilidad en el software Cisco Wide Area Application Services (WAAS) podría permitir a un atacante local autenticado conseguir acceso a información confidencial en un dispositivo afectado. La vulnerabilidad es debido a una comprobación inapropiada de la entrada y una autorización de comandos específicos que un usuario puede ejecutar dentro de la CLI. Un atacante podría explotar esta vulnerabilidad al autenticarse en un dispositivo afectado y emitir un ajuste específico de comandos. Una explotación con éxito podría permitir al atacante leer archivos arbitrarios a los que originalmente no tenían permiso para acceder
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-11-13 CVE Reserved
- 2021-05-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Wide Area Application Services Search vendor "Cisco" for product "Wide Area Application Services" | <= 6.4.5a Search vendor "Cisco" for product "Wide Area Application Services" and version " <= 6.4.5a" | - |
Affected
|