mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
561 lines
19 KiB
JSON
561 lines
19 KiB
JSON
{
|
|
"id": "CVE-2021-1546",
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
|
"published": "2021-09-23T03:15:11.183",
|
|
"lastModified": "2021-09-30T13:22:19.457",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad en la CLI de Cisco SD-WAN Software podr\u00eda permitir a un atacante local autenticado acceder a informaci\u00f3n confidencial. Esta vulnerabilidad es debido a protecciones inapropiadas en el acceso a archivos mediante la CLI. Un atacante podr\u00eda explotar esta vulnerabilidad al ejecutar un comando de la CLI que tenga como objetivo un archivo arbitrario en el sistema local. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante devolver porciones de un archivo arbitrario, posiblemente resultando en una divulgaci\u00f3n de informaci\u00f3n confidencial"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 2.1
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-209"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-209"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "9F397362-BB17-4F5E-AFA3-B604A96C7BAE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "15F9C222-75A1-44F8-A726-46CA77430D2F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "F05A7552-5CFC-47EE-BA6B-98D423761369"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "11D28DFC-1B63-466E-A16B-F6453CB0D22E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "DC5C7C68-74C1-4D7F-848B-16C8566C0F42"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "DFC2211D-F709-4170-8544-7EAED7A63D5F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "D99340DC-B83C-4F81-969F-C0A6E7CC4A54"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "918ACCD9-0F3F-4EF3-8C0A-AE30F69BC8E9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "6A923BEA-61C4-4A2E-A7DD-BB389FF661CB"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FF370668-127C-409B-83FE-293B830D4FB4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "F7887226-3051-4914-8B0E-5DF4296AB68E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "210F5970-F029-4E1F-97E4-0813F78CA88C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "99B58689-4FDF-4811-B1EE-584F777B696D"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "F443A171-E27A-4173-BB09-77E0A1587CE6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "047C57D1-C8B3-46F2-8B02-8467AF57D71A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "2FF65836-25C3-46C7-8989-9ABF3069D13F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F019975D-3A45-4522-9CB9-F4258C371DF6"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "61682805-F527-473D-970A-B68053889AC8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "B1ECE5A2-ED32-4453-A0FC-78A3D0D4F554"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "E3A99ECD-E6FE-4BF8-BE6D-22005B5E387A"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0811E0B5-889E-451E-B754-A8FEE32BDFA2"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "3E00BBD5-A34A-47EF-9BCA-7100D2282A72"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "F42BACEF-31BE-4FEF-8BD3-8EC2D5A59194"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "00A3ECC6-E30A-4611-9872-8C6133F4A0C6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36973815-F46D-4ADA-B9DF-BCB70AC60BD3"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "449AC46F-BE53-4706-A448-83A848492637"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "42659BBF-8707-4DAC-8A5D-0E9DC10DD68F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "D9899709-00DD-4934-9A54-3FDB171C2E74"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "061A302C-8D35-4E80-93DA-916DA7E90C06"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "A27667C1-0EF2-419D-A216-83FBC3F5A61E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "6954D048-EE8D-4923-9F10-18FD941AF72A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "95ED1F5D-5573-4886-A875-10DD93AE495B"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "140AF13E-4463-478B-AA94-97406A80CB86"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "FB95804D-0357-4F33-ABB2-AB04C34D3095"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "DAE58206-30C8-4734-B5BB-1FD631351F49"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "BCB1732D-73DA-4125-A2FE-A79435B550AC"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1356861D-E6CA-4973-9597-629507E8C07E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "18.4",
|
|
"versionEndExcluding": "20.4.2",
|
|
"matchCriteriaId": "56637DFC-FD0A-4714-9988-2DE80B3FB7BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.5",
|
|
"versionEndExcluding": "20.5.2",
|
|
"matchCriteriaId": "00C2DEED-5833-4E13-BBB3-5E5FE837979D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "20.6",
|
|
"versionEndExcluding": "20.6.1",
|
|
"matchCriteriaId": "6BF84BFB-E819-4C59-B16D-B00508218CE3"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:vedge_cloud:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "94999112-9EAA-4707-B002-F867D7628C49"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX",
|
|
"source": "ykramarz@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |