{"containers": {"cna": {"affected": [{"product": "Cisco SD-WAN Solution ", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-23T02:30:18", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20210922 Cisco SD-WAN Software Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX"}], "source": {"advisory": "cisco-sa-sd-wan-Fhqh8pKX", "defect": [["CSCvx79335"]], "discovery": "INTERNAL"}, "title": "Cisco SD-WAN Software Information Disclosure Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-09-22T16:00:00", "ID": "CVE-2021-1546", "STATE": "PUBLIC", "TITLE": "Cisco SD-WAN Software Information Disclosure Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco SD-WAN Solution ", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "5.5", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-209"}]}]}, "references": {"reference_data": [{"name": "20210922 Cisco SD-WAN Software Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX"}]}, "source": {"advisory": "cisco-sa-sd-wan-Fhqh8pKX", "defect": [["CSCvx79335"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1546", "datePublished": "2021-09-22T00:00:00", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2021-09-23T02:30:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A19C57E-75A5-47AA-94B7-A7ADC2CD7091", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D860DAF6-2876-4F54-ACBF-B217E709BD7F", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F397362-BB17-4F5E-AFA3-B604A96C7BAE", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "15F9C222-75A1-44F8-A726-46CA77430D2F", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "F05A7552-5CFC-47EE-BA6B-98D423761369", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC5C7C68-74C1-4D7F-848B-16C8566C0F42", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D99340DC-B83C-4F81-969F-C0A6E7CC4A54", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "918ACCD9-0F3F-4EF3-8C0A-AE30F69BC8E9", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A923BEA-61C4-4A2E-A7DD-BB389FF661CB", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF370668-127C-409B-83FE-293B830D4FB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7887226-3051-4914-8B0E-5DF4296AB68E", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "210F5970-F029-4E1F-97E4-0813F78CA88C", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "99B58689-4FDF-4811-B1EE-584F777B696D", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F443A171-E27A-4173-BB09-77E0A1587CE6", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "047C57D1-C8B3-46F2-8B02-8467AF57D71A", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FF65836-25C3-46C7-8989-9ABF3069D13F", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "F019975D-3A45-4522-9CB9-F4258C371DF6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61682805-F527-473D-970A-B68053889AC8", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1ECE5A2-ED32-4453-A0FC-78A3D0D4F554", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3A99ECD-E6FE-4BF8-BE6D-22005B5E387A", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0811E0B5-889E-451E-B754-A8FEE32BDFA2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E00BBD5-A34A-47EF-9BCA-7100D2282A72", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F42BACEF-31BE-4FEF-8BD3-8EC2D5A59194", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "00A3ECC6-E30A-4611-9872-8C6133F4A0C6", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", "matchCriteriaId": "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "449AC46F-BE53-4706-A448-83A848492637", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "42659BBF-8707-4DAC-8A5D-0E9DC10DD68F", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9899709-00DD-4934-9A54-3FDB171C2E74", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*", "matchCriteriaId": "061A302C-8D35-4E80-93DA-916DA7E90C06", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A27667C1-0EF2-419D-A216-83FBC3F5A61E", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6954D048-EE8D-4923-9F10-18FD941AF72A", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "95ED1F5D-5573-4886-A875-10DD93AE495B", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "140AF13E-4463-478B-AA94-97406A80CB86", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB95804D-0357-4F33-ABB2-AB04C34D3095", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAE58206-30C8-4734-B5BB-1FD631351F49", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCB1732D-73DA-4125-A2FE-A79435B550AC", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1356861D-E6CA-4973-9597-629507E8C07E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "56637DFC-FD0A-4714-9988-2DE80B3FB7BE", "versionEndExcluding": "20.4.2", "versionStartIncluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "00C2DEED-5833-4E13-BBB3-5E5FE837979D", "versionEndExcluding": "20.5.2", "versionStartIncluding": "20.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BF84BFB-E819-4C59-B16D-B00508218CE3", "versionEndExcluding": "20.6.1", "versionStartIncluding": "20.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:vedge_cloud:-:*:*:*:*:*:*:*", "matchCriteriaId": "94999112-9EAA-4707-B002-F867D7628C49", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad en la CLI de Cisco SD-WAN Software podr\u00eda permitir a un atacante local autenticado acceder a informaci\u00f3n confidencial. Esta vulnerabilidad es debido a protecciones inapropiadas en el acceso a archivos mediante la CLI. Un atacante podr\u00eda explotar esta vulnerabilidad al ejecutar un comando de la CLI que tenga como objetivo un archivo arbitrario en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante devolver porciones de un archivo arbitrario, posiblemente resultando en una divulgaci\u00f3n de informaci\u00f3n confidencial"}], "id": "CVE-2021-1546", "lastModified": "2023-11-07T03:28:35.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2021-09-23T03:15:11.183", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-209"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}