PT-2021-2494 · Cisco · Cisco IOS XE SD-WAN, Cisco IOS XE

James Spadaro III

·

Published

2021-03-24

·

Updated

2021-03-29

·

CVE-2021-1436

CVSS v2.0

4.7

Medium

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE SD-WAN Software (affected versions not specified)
Description: The command-line interface of the software does not sufficiently validate user-supplied input, so a path name passed to a CLI command is not properly confined to the directory it is meant to stay within (a path traversal weakness, CWE-22). An authenticated, local attacker could exploit this by sending a crafted request to the CLI and obtain read access to sensitive files on the affected system. Exploitation requires local access with valid credentials, and the impact is limited to confidentiality, which is what the CVSS vector (AV:L, Au:N, C:C/I:N/A:N) reflects.
Recommendations: For all affected versions, update to the software release from Cisco that addresses this issue. Until the update is applied, reduce exposure rather than rely on the CLI's own checks: the attack needs an authenticated local session, so limit CLI access to trusted administrators and restrict permissions on sensitive files and directories. These measures lower the risk but do not remove the flaw; only the software update does.
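To make the weakness class concrete, the following is an added example (not Cisco's code and not derived from the affected software): a small "read a file by name" helper of the kind a CLI command might wrap, once in the vulnerable form that joins the operand onto a base directory without confining the result, and once hardened by canonicalising the path and checking that it stays under the base directory. The directory layout, file names and operands are constructed for the demonstration.

```python
"""Path traversal (CWE-22) in a file-read helper: vulnerable vs. hardened.

Added example code, not Cisco's implementation. The 'bootflash' directory,
'secret.txt' and the probe operands below are constructed for the demo.
"""
import os
import tempfile


class PathTraversal(Exception):
    """Raised when a requested operand resolves outside the allowed directory."""


def read_file_unsafe(base_dir: str, user_path: str) -> str:
    """Vulnerable: joins the operand onto base_dir and opens the result.
    '..' segments walk out of base_dir, a symlink inside base_dir may point
    outside it, and os.path.join silently discards base_dir when the operand
    is absolute."""
    with open(os.path.join(base_dir, user_path)) as f:
        return f.read()


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Hardened: canonicalise both paths (resolving '..' and symlinks) and
    require the target to be base_dir itself or a descendant of it."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath, not a string prefix test: '/data2' is not inside '/data'.
    if os.path.commonpath([base, target]) != base:
        raise PathTraversal(f"{user_path!r} resolves outside {base}")
    return target


def read_file_safe(base_dir: str, user_path: str) -> str:
    """Same operation as read_file_unsafe, but only after resolve_inside
    has confirmed the operand stays within base_dir."""
    with open(resolve_inside(base_dir, user_path)) as f:
        return f.read()


def _attempt(reader, base_dir: str, operand: str) -> str:
    """Run one helper and reduce the outcome to file contents / 'blocked' / 'error'."""
    try:
        return reader(base_dir, operand)
    except PathTraversal:
        return "blocked"
    except OSError:
        return "error"


def demo() -> dict:
    """Build a throwaway tree with an allowed directory and a sibling secret
    file outside it, then run both helpers against four operands."""
    root = tempfile.mkdtemp()
    allowed = os.path.join(root, "bootflash")  # the only directory reads should touch
    os.mkdir(allowed)
    with open(os.path.join(allowed, "running.cfg"), "w") as f:
        f.write("hostname router1\n")
    with open(os.path.join(root, "secret.txt"), "w") as f:  # must never be readable
        f.write("SECRET\n")
    # A symlink planted inside the allowed directory that points outside it.
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(allowed, "link"))

    probes = {
        "legit": "running.cfg",
        "dotdot": "../secret.txt",
        "symlink": "link",
        "absolute": os.path.join(root, "secret.txt"),
    }
    out = {"unsafe": {}, "safe": {}}
    for label, operand in probes.items():
        out["unsafe"][label] = _attempt(read_file_unsafe, allowed, operand)
        out["safe"][label] = _attempt(read_file_safe, allowed, operand)
    return out


if __name__ == "__main__":
    for mode, results in demo().items():
        for label, outcome in results.items():
            print(f"{mode:6} {label:8} -> {outcome.strip()}")
```

The unsafe helper returns the contents of `secret.txt` for the `..`, symlink and absolute operands; the hardened helper serves only `running.cfg` and rejects the other three. The important design point is that the check is made on the fully resolved path, after symlinks and `..` have been collapsed, and with `os.path.commonpath` rather than a string prefix comparison.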

Fix

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2021-01870
CVE-2021-1436

Affected Products

Cisco IOS XE SD-WAN
Cisco IOS XE