{"id": "CVE-2021-1546", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-09-23T03:15:11.183", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-209"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad en la CLI de Cisco SD-WAN Software podr\u00eda permitir a un atacante local autenticado acceder a informaci\u00f3n confidencial. Esta vulnerabilidad es debido a protecciones inapropiadas en el acceso a archivos mediante la CLI. Un atacante podr\u00eda explotar esta vulnerabilidad al ejecutar un comando de la CLI que tenga como objetivo un archivo arbitrario en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante devolver porciones de un archivo arbitrario, posiblemente resultando en una divulgaci\u00f3n de informaci\u00f3n confidencial"}], "lastModified": "2024-11-21T05:44:35.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A19C57E-75A5-47AA-94B7-A7ADC2CD7091", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D860DAF6-2876-4F54-ACBF-B217E709BD7F", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F397362-BB17-4F5E-AFA3-B604A96C7BAE", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F9C222-75A1-44F8-A726-46CA77430D2F", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05A7552-5CFC-47EE-BA6B-98D423761369", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC5C7C68-74C1-4D7F-848B-16C8566C0F42", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99340DC-B83C-4F81-969F-C0A6E7CC4A54", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "918ACCD9-0F3F-4EF3-8C0A-AE30F69BC8E9", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A923BEA-61C4-4A2E-A7DD-BB389FF661CB", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF370668-127C-409B-83FE-293B830D4FB4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7887226-3051-4914-8B0E-5DF4296AB68E", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210F5970-F029-4E1F-97E4-0813F78CA88C", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99B58689-4FDF-4811-B1EE-584F777B696D", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F443A171-E27A-4173-BB09-77E0A1587CE6", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "047C57D1-C8B3-46F2-8B02-8467AF57D71A", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FF65836-25C3-46C7-8989-9ABF3069D13F", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F019975D-3A45-4522-9CB9-F4258C371DF6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61682805-F527-473D-970A-B68053889AC8", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1ECE5A2-ED32-4453-A0FC-78A3D0D4F554", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A99ECD-E6FE-4BF8-BE6D-22005B5E387A", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0811E0B5-889E-451E-B754-A8FEE32BDFA2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E00BBD5-A34A-47EF-9BCA-7100D2282A72", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F42BACEF-31BE-4FEF-8BD3-8EC2D5A59194", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00A3ECC6-E30A-4611-9872-8C6133F4A0C6", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36973815-F46D-4ADA-B9DF-BCB70AC60BD3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "449AC46F-BE53-4706-A448-83A848492637", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42659BBF-8707-4DAC-8A5D-0E9DC10DD68F", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9899709-00DD-4934-9A54-3FDB171C2E74", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "061A302C-8D35-4E80-93DA-916DA7E90C06"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A27667C1-0EF2-419D-A216-83FBC3F5A61E", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6954D048-EE8D-4923-9F10-18FD941AF72A", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95ED1F5D-5573-4886-A875-10DD93AE495B", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "140AF13E-4463-478B-AA94-97406A80CB86"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB95804D-0357-4F33-ABB2-AB04C34D3095", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAE58206-30C8-4734-B5BB-1FD631351F49", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCB1732D-73DA-4125-A2FE-A79435B550AC", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1356861D-E6CA-4973-9597-629507E8C07E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56637DFC-FD0A-4714-9988-2DE80B3FB7BE", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4"}, {"criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00C2DEED-5833-4E13-BBB3-5E5FE837979D", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5"}, {"criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BF84BFB-E819-4C59-B16D-B00508218CE3", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_cloud:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "94999112-9EAA-4707-B002-F867D7628C49"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}