CVE-2021-1512
Cisco SD-WAN Software Arbitrary File Corruption Vulnerability
Severity Score
6.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system.
Una vulnerabilidad en la CLI de Cisco SD-WAN Software, podría permitir a un atacante local autenticado sobrescribir archivos arbitrarios en el sistema de archivos subyacente de un sistema afectado. Esta vulnerabilidad es debido a una comprobación insuficiente de los parámetros de la entrada proporcionados por el usuario de un comando CLI específico. Un atacante podría explotar esta vulnerabilidadal al emitir ese comando con parámetros específicos. Una explotación con éxito podría permitir al atacante sobrescribir el contenido de cualquier archivo arbitrario que resida en el sistema de archivos del host subyacente
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-11-13 CVE Reserved
- 2021-05-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-552: Files or Directories Accessible to External Parties
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Vsmart Controller Firmware Search vendor "Cisco" for product "Vsmart Controller Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vsmart Controller Search vendor "Cisco" for product "Vsmart Controller" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Vedge 100 Firmware Search vendor "Cisco" for product "Vedge 100 Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100 Search vendor "Cisco" for product "Vedge 100" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Vedge 1000 Firmware Search vendor "Cisco" for product "Vedge 1000 Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 1000 Search vendor "Cisco" for product "Vedge 1000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Vedge 100b Firmware Search vendor "Cisco" for product "Vedge 100b Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100b Search vendor "Cisco" for product "Vedge 100b" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Vedge 100m Firmware Search vendor "Cisco" for product "Vedge 100m Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100m Search vendor "Cisco" for product "Vedge 100m" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Vedge 100wm Firmware Search vendor "Cisco" for product "Vedge 100wm Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 100wm Search vendor "Cisco" for product "Vedge 100wm" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Vedge 2000 Firmware Search vendor "Cisco" for product "Vedge 2000 Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 2000 Search vendor "Cisco" for product "Vedge 2000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Vedge 5000 Firmware Search vendor "Cisco" for product "Vedge 5000 Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge 5000 Search vendor "Cisco" for product "Vedge 5000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Vedge-100b Firmware Search vendor "Cisco" for product "Vedge-100b Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge-100b Search vendor "Cisco" for product "Vedge-100b" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Vedge Cloud Firmware Search vendor "Cisco" for product "Vedge Cloud Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Vedge Cloud Search vendor "Cisco" for product "Vedge Cloud" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Catalyst Sd-wan Manager Search vendor "Cisco" for product "Catalyst Sd-wan Manager" | >= 19.2 < 19.2.3 Search vendor "Cisco" for product "Catalyst Sd-wan Manager" and version " >= 19.2 < 19.2.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Catalyst Sd-wan Manager Search vendor "Cisco" for product "Catalyst Sd-wan Manager" | >= 20.3 < 20.3.1 Search vendor "Cisco" for product "Catalyst Sd-wan Manager" and version " >= 20.3 < 20.3.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Catalyst Sd-wan Manager Search vendor "Cisco" for product "Catalyst Sd-wan Manager" | >= 20.4 < 20.4.1 Search vendor "Cisco" for product "Catalyst Sd-wan Manager" and version " >= 20.4 < 20.4.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Catalyst Sd-wan Manager Search vendor "Cisco" for product "Catalyst Sd-wan Manager" | >= 20.5 < 20.5.1 Search vendor "Cisco" for product "Catalyst Sd-wan Manager" and version " >= 20.5 < 20.5.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Sd-wan Vbond Orchestrator Search vendor "Cisco" for product "Sd-wan Vbond Orchestrator" | - | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Sd-wan Vmanage Search vendor "Cisco" for product "Sd-wan Vmanage" | < 18.4.6 Search vendor "Cisco" for product "Sd-wan Vmanage" and version " < 18.4.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Sd-wan Vmanage Search vendor "Cisco" for product "Sd-wan Vmanage" | >= 20.1 < 20.1.2 Search vendor "Cisco" for product "Sd-wan Vmanage" and version " >= 20.1 < 20.1.2" | - |
Affected
| ||||||