Cisco SD-WAN vManage Software Vulnerability Could Allow Remote Access to Sensitive Information
CVE-2021-1232

6.5 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 18 November 2024

Summary

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software may allow an authenticated, remote attacker to read arbitrary files on the filesystem of an affected system. The issue arises from inadequate access control, which permits unauthorized access to sensitive information stored on affected systems. By exploiting this vulnerability, an attacker can gain unauthorized visibility into files and potentially access devices and other critical network management systems that should remain secure. Cisco has released software updates that address the vulnerability; no workaround is effective against it.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
