PT-2021-1836 · Cisco · Cisco Sd-Wan Vmanage

Published

2021-01-20

Updated

2021-01-27

CVE-2021-1235

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The issue is due to insufficient user authorization. An attacker could exploit this by accessing the vshell of an affected system, potentially allowing them to read database files from the underlying operating system's filesystem.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-497

Related Identifiers

BDU:2021-00596

CVE-2021-1235

Affected Products

Cisco Sd-Wan Vmanage

PT-2021-1836 · Cisco · Cisco Sd-Wan Vmanage

CVE-2021-1235

Weakness Enumeration

Related Identifiers

Affected Products

References · 5