A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.

Project Subscriptions

Vendors Products
Catalyst Sd-wan Manager Subscribe
Sd-wan Firmware Subscribe
Sd-wan Vbond Orchestrator Subscribe
Vedge 1000 Router Subscribe
Vedge 100 Router Subscribe
Vedge 100b Router Subscribe
Vedge 100m Router Subscribe
Vedge 100wm Router Subscribe
Vedge 2000 Router Subscribe
Vedge 5000 Router Subscribe
Vedge Cloud Router Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2021-6700 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 12 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-12T20:20:35.284Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1233

cve-icon Vulnrichment

Updated: 2024-08-03T16:02:56.214Z

cve-icon NVD

Status : Modified

Published: 2021-01-20T21:15:11.943

Modified: 2024-11-21T05:43:53.390

Link: CVE-2021-1233

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses