Vulnerability-Lookup

CVE-2021-1232 (GCVE-0-2021-1232)

Vulnerability from cvelistv5 – Published: 2024-11-18 15:40 – Updated: 2024-11-18 16:22

Title

Cisco SD-WAN vManage Information Disclosure Vulnerability

Summary

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/RL:X/RC:X/E:X

CWE

CWE-522 - Insufficiently Protected Credentials

Assigner

cisco

References

URL

Tags

	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…
	https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Catalyst SD-WAN Manager	Affected: 20.1.12 Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1232",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-18T16:22:14.771701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-18T16:22:35.477Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Catalyst SD-WAN Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "20.1.12"
            },
            {
              "status": "affected",
              "version": "19.2.1"
            },
            {
              "status": "affected",
              "version": "18.4.4"
            },
            {
              "status": "affected",
              "version": "18.4.5"
            },
            {
              "status": "affected",
              "version": "20.1.1.1"
            },
            {
              "status": "affected",
              "version": "20.1.1"
            },
            {
              "status": "affected",
              "version": "19.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.2"
            },
            {
              "status": "affected",
              "version": "19.2.099"
            },
            {
              "status": "affected",
              "version": "18.3.6"
            },
            {
              "status": "affected",
              "version": "18.3.7"
            },
            {
              "status": "affected",
              "version": "19.2.0"
            },
            {
              "status": "affected",
              "version": "18.3.8"
            },
            {
              "status": "affected",
              "version": "19.0.0"
            },
            {
              "status": "affected",
              "version": "19.1.0"
            },
            {
              "status": "affected",
              "version": "18.4.302"
            },
            {
              "status": "affected",
              "version": "18.4.303"
            },
            {
              "status": "affected",
              "version": "19.2.097"
            },
            {
              "status": "affected",
              "version": "19.2.098"
            },
            {
              "status": "affected",
              "version": "17.2.10"
            },
            {
              "status": "affected",
              "version": "18.3.6.1"
            },
            {
              "status": "affected",
              "version": "19.0.1a"
            },
            {
              "status": "affected",
              "version": "18.2.0"
            },
            {
              "status": "affected",
              "version": "18.4.3"
            },
            {
              "status": "affected",
              "version": "18.4.1"
            },
            {
              "status": "affected",
              "version": "17.2.8"
            },
            {
              "status": "affected",
              "version": "18.3.3.1"
            },
            {
              "status": "affected",
              "version": "18.4.0"
            },
            {
              "status": "affected",
              "version": "18.3.1"
            },
            {
              "status": "affected",
              "version": "17.2.6"
            },
            {
              "status": "affected",
              "version": "17.2.9"
            },
            {
              "status": "affected",
              "version": "18.3.4"
            },
            {
              "status": "affected",
              "version": "17.2.5"
            },
            {
              "status": "affected",
              "version": "18.3.1.1"
            },
            {
              "status": "affected",
              "version": "18.3.5"
            },
            {
              "status": "affected",
              "version": "18.4.0.1"
            },
            {
              "status": "affected",
              "version": "18.3.3"
            },
            {
              "status": "affected",
              "version": "17.2.7"
            },
            {
              "status": "affected",
              "version": "17.2.4"
            },
            {
              "status": "affected",
              "version": "18.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.3"
            },
            {
              "status": "affected",
              "version": "18.4.501_ES"
            },
            {
              "status": "affected",
              "version": "20.3.1"
            },
            {
              "status": "affected",
              "version": "20.1.2"
            },
            {
              "status": "affected",
              "version": "19.2.929"
            },
            {
              "status": "affected",
              "version": "19.2.31"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system.\r\nThis vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/RL:X/RC:X/E:X",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "Insufficiently Protected Credentials",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T15:40:17.633Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sdwanvman-infodis1-YuQScHB",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sdwanvman-infodis1-YuQScHB",
        "defects": [
          "CSCvu28397"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco SD-WAN vManage Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1232",
    "datePublished": "2024-11-18T15:40:17.633Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-18T16:22:35.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-1232\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-18T16:22:14.771701Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-18T16:22:19.094Z\"}}], \"cna\": {\"title\": \"Cisco SD-WAN vManage Information Disclosure Vulnerability\", \"source\": {\"defects\": [\"CSCvu28397\"], \"advisory\": \"cisco-sa-sdwanvman-infodis1-YuQScHB\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/RL:X/RC:X/E:X\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Catalyst SD-WAN Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"20.1.12\"}, {\"status\": \"affected\", \"version\": \"19.2.1\"}, {\"status\": \"affected\", \"version\": \"18.4.4\"}, {\"status\": \"affected\", \"version\": \"18.4.5\"}, {\"status\": \"affected\", \"version\": \"20.1.1.1\"}, {\"status\": \"affected\", \"version\": \"20.1.1\"}, {\"status\": \"affected\", \"version\": \"19.3.0\"}, {\"status\": \"affected\", \"version\": \"19.2.2\"}, {\"status\": \"affected\", \"version\": \"19.2.099\"}, {\"status\": \"affected\", \"version\": \"18.3.6\"}, {\"status\": \"affected\", \"version\": \"18.3.7\"}, {\"status\": \"affected\", \"version\": \"19.2.0\"}, {\"status\": \"affected\", \"version\": \"18.3.8\"}, {\"status\": \"affected\", \"version\": \"19.0.0\"}, {\"status\": \"affected\", \"version\": \"19.1.0\"}, {\"status\": \"affected\", \"version\": \"18.4.302\"}, {\"status\": \"affected\", \"version\": \"18.4.303\"}, {\"status\": \"affected\", \"version\": \"19.2.097\"}, {\"status\": \"affected\", \"version\": \"19.2.098\"}, {\"status\": \"affected\", \"version\": \"17.2.10\"}, {\"status\": \"affected\", \"version\": \"18.3.6.1\"}, {\"status\": \"affected\", \"version\": \"19.0.1a\"}, {\"status\": \"affected\", \"version\": \"18.2.0\"}, {\"status\": \"affected\", \"version\": \"18.4.3\"}, {\"status\": \"affected\", \"version\": \"18.4.1\"}, {\"status\": \"affected\", \"version\": \"17.2.8\"}, {\"status\": \"affected\", \"version\": \"18.3.3.1\"}, {\"status\": \"affected\", \"version\": \"18.4.0\"}, {\"status\": \"affected\", \"version\": \"18.3.1\"}, {\"status\": \"affected\", \"version\": \"17.2.6\"}, {\"status\": \"affected\", \"version\": \"17.2.9\"}, {\"status\": \"affected\", \"version\": \"18.3.4\"}, {\"status\": \"affected\", \"version\": \"17.2.5\"}, {\"status\": \"affected\", \"version\": \"18.3.1.1\"}, {\"status\": \"affected\", \"version\": \"18.3.5\"}, {\"status\": \"affected\", \"version\": \"18.4.0.1\"}, {\"status\": \"affected\", \"version\": \"18.3.3\"}, {\"status\": \"affected\", \"version\": \"17.2.7\"}, {\"status\": \"affected\", \"version\": \"17.2.4\"}, {\"status\": \"affected\", \"version\": \"18.3.0\"}, {\"status\": \"affected\", \"version\": \"19.2.3\"}, {\"status\": \"affected\", \"version\": \"18.4.501_ES\"}, {\"status\": \"affected\", \"version\": \"20.3.1\"}, {\"status\": \"affected\", \"version\": \"20.1.2\"}, {\"status\": \"affected\", \"version\": \"19.2.929\"}, {\"status\": \"affected\", \"version\": \"19.2.31\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco\\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB\", \"name\": \"cisco-sa-sdwanvman-infodis1-YuQScHB\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n\", \"name\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco\u0026nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system.\\r\\nThis vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-522\", \"description\": \"Insufficiently Protected Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-11-18T15:40:17.633Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-1232\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-18T16:22:35.477Z\", \"dateReserved\": \"2020-11-13T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-11-18T15:40:17.633Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-G8HR-M8MG-WMFP

Vulnerability from github – Published: 2024-11-18 18:30 – Updated: 2024-11-18 18:30

Details

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-1232"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-18T16:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system.\nThis vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",
  "id": "GHSA-g8hr-m8mg-wmfp",
  "modified": "2024-11-18T18:30:57Z",
  "published": "2024-11-18T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1232"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-1232

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2021-1232

Aliases

CVE-2021-1232

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-1232",
    "id": "GSD-2021-1232"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1232"
      ],
      "id": "GSD-2021-1232",
      "modified": "2023-12-13T01:23:22.518717Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-1232",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

CVE-2021-1232

Vulnerability from fstec - Published: 03.03.2021

Title

Уязвимость веб-интерфейса vManage программно-определяемой сети Cisco SD-WAN, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость веб-интерфейса vManage программно-определяемой сети Cisco SD-WAN связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vendor

Cisco Systems Inc.

Software Name

Cisco SD-WAN

Software Version

до 20.3.2 (Cisco SD-WAN)

Possible Mitigations

Использование рекомендаций: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB

CWE

CWE-522

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 20.3.2 (Cisco SD-WAN)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.03.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01248",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-1232",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco SD-WAN",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 vManage \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c\u043e\u0439 \u0441\u0435\u0442\u0438 Cisco SD-WAN, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u0437\u0430\u0449\u0438\u0442\u0430 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-522)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 vManage \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c\u043e\u0439 \u0441\u0435\u0442\u0438 Cisco SD-WAN \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-522",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

FKIE_CVE-2021-1232

Vulnerability from fkie_nvd - Published: 2024-11-18 16:15 - Updated: 2025-08-04 14:44

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3	Not Applicable
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB	Vendor Advisory
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n	Not Applicable
psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3	Not Applicable

Impacted products

Vendor	Product	Version
cisco	catalyst_sd-wan_manager	17.2.4
cisco	catalyst_sd-wan_manager	17.2.5
cisco	catalyst_sd-wan_manager	17.2.6
cisco	catalyst_sd-wan_manager	17.2.7
cisco	catalyst_sd-wan_manager	17.2.8
cisco	catalyst_sd-wan_manager	17.2.9
cisco	catalyst_sd-wan_manager	17.2.10
cisco	catalyst_sd-wan_manager	18.2.0
cisco	catalyst_sd-wan_manager	18.3.0
cisco	catalyst_sd-wan_manager	18.3.1
cisco	catalyst_sd-wan_manager	18.3.1.1
cisco	catalyst_sd-wan_manager	18.3.3
cisco	catalyst_sd-wan_manager	18.3.3.1
cisco	catalyst_sd-wan_manager	18.3.4
cisco	catalyst_sd-wan_manager	18.3.5
cisco	catalyst_sd-wan_manager	18.3.6
cisco	catalyst_sd-wan_manager	18.3.6.1
cisco	catalyst_sd-wan_manager	18.3.7
cisco	catalyst_sd-wan_manager	18.3.8
cisco	catalyst_sd-wan_manager	18.4.0
cisco	catalyst_sd-wan_manager	18.4.0.1
cisco	catalyst_sd-wan_manager	18.4.1
cisco	catalyst_sd-wan_manager	18.4.3
cisco	catalyst_sd-wan_manager	18.4.4
cisco	catalyst_sd-wan_manager	18.4.5
cisco	catalyst_sd-wan_manager	18.4.302
cisco	catalyst_sd-wan_manager	18.4.303
cisco	catalyst_sd-wan_manager	18.4.501_es
cisco	catalyst_sd-wan_manager	19.0.0
cisco	catalyst_sd-wan_manager	19.0.1a
cisco	catalyst_sd-wan_manager	19.1.0
cisco	catalyst_sd-wan_manager	19.2.0
cisco	catalyst_sd-wan_manager	19.2.1
cisco	catalyst_sd-wan_manager	19.2.2
cisco	catalyst_sd-wan_manager	19.2.3
cisco	catalyst_sd-wan_manager	19.2.31
cisco	catalyst_sd-wan_manager	19.2.097
cisco	catalyst_sd-wan_manager	19.2.098
cisco	catalyst_sd-wan_manager	19.2.099
cisco	catalyst_sd-wan_manager	19.2.929
cisco	catalyst_sd-wan_manager	19.3.0
cisco	catalyst_sd-wan_manager	20.1.1
cisco	catalyst_sd-wan_manager	20.1.1.1
cisco	catalyst_sd-wan_manager	20.1.2
cisco	catalyst_sd-wan_manager	20.1.12
cisco	catalyst_sd-wan_manager	20.3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0D5F32C-BFC1-49CC-BE96-920FCBE567B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F621202C-3851-4D7E-BFA2-DABB08E73DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "38132BE5-528B-472E-9249-B226C0DE1C80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C817B2-DDB9-4CAF-96C9-776482A8597D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC5D29FD-0917-4C1F-AE75-2D63F5C9C58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3090C4-15E6-4746-B0D2-27665AB91B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E924CC-3161-436D-93F0-066F76172F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED059CD-AD0A-4748-8390-8CDCF4C4D1CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6990E97D-30E9-42A9-AE6A-CC597DF75B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B60BA4-EA02-4D0D-82C3-1B08016EF5AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DC51F7-72D4-4593-8DDE-8AA3955BB826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B047A011-1C27-4D86-99C1-BFCDC7F04A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADEA8FB-3298-4534-B65E-81060E3DB45A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C6DF1F-4995-4486-8F90-9EFD6417ABA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D249954-93E0-4124-B9BA-84B9F34D7CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B24396C-3732-4CF8-B01A-62C77D20E7FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7F20EBE-DFDF-4996-93D1-28EE776BC777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF09CAB-CA1B-428E-9A0B-AADACE9201A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99ED480-C206-48DD-9DF3-FC60D91B98A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC515B6-27A3-4723-9792-2BA42EF63E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC0BBDA-FAE5-4AF7-81C8-83041A58E8E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A066E28-31B0-46C7-ABB8-F5D1F3A303C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8F536CC-29D6-401E-92C5-964FDBDCCE65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9139593A-9414-488D-AA3A-5560C643587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "07BFB47E-F456-4782-98D7-68D02500FDD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.302:*:*:*:*:*:*:*",
              "matchCriteriaId": "33BEBE47-AF47-4994-871D-5969270EE5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.303:*:*:*:*:*:*:*",
              "matchCriteriaId": "A27094E7-E6F3-47CA-A90A-86FEA2F1BE33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.501_es:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8958D8-389F-4FB6-8F29-621608FB2B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B66141-99E6-4D7D-8D11-18E9B34B002D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "40177056-0438-4BFF-ABD3-2328FE585800",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D6D47A0-43A2-4F9F-830B-B2FB79E779A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87E7B932-950A-4573-832F-8477FABA5929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1711A70-5931-4C1F-B522-46AD2E5D7C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE41B8AE-8F1E-4116-BDDC-65B913AD448E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC80219-C760-4CA8-B360-7B6545F502C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9E425CF-5773-4C17-B284-588DDCE8DE43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.097:*:*:*:*:*:*:*",
              "matchCriteriaId": "34886EDF-1C10-4F57-A82D-FF1AF668E2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.098:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EE5ECA-5D13-4C29-9396-95FFBEC4236A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.099:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7B3B10-6936-4352-9EE7-561BB1918769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.929:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EB69F8B-67CB-4296-893A-7A35B155EBEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "491BD04C-85BE-4766-9965-59744D2639CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "545F75A3-451C-4993-98AE-51C23EF49927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB0DD6B-6C4D-4FF4-97AB-815A4566320F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D144CB1-0AD1-4C8A-A709-52C26965675F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "482DC851-7E33-4487-8219-6675091FD7C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAFBFE36-6913-4122-A537-F2AA1562FE69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system.\r\nThis vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco SD-WAN vManage Software podr\u00eda permitir que un atacante remoto autenticado lea archivos arbitrarios en el sistema de archivos subyacente de un sistema afectado. Esta vulnerabilidad se debe a un control de acceso insuficiente para la informaci\u00f3n confidencial que se escribe en un sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad al acceder a informaci\u00f3n confidencial a la que no est\u00e1 autorizado a acceder en un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener acceso a dispositivos y otros sistemas de administraci\u00f3n de red a los que no deber\u00eda tener acceso. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."
    }
  ],
  "id": "CVE-2021-1232",
  "lastModified": "2025-08-04T14:44:23.590",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-11-18T16:15:08.567",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-1232 (GCVE-0-2021-1232)

GHSA-G8HR-M8MG-WMFP

GSD-2021-1232

CVE-2021-1232

FKIE_CVE-2021-1232

Tags

Sightings

Nomenclature