CVE-2021-1232

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 61.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Catalyst Sd-wan ManagerCisco Catalyst Sd-wan Manager
Timeline
PublishedNov 18

Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/catalyst_sd-wan_manager46 versions+45
CVEListV5cisco/cisco_catalyst_sd-wan_manager46 versions+45

🔴Vulnerability Details

2
GHSA
GHSA-g8hr-m8mg-wmfp: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary2024-11-18
CVEList
Cisco SD-WAN vManage Information Disclosure Vulnerability2024-11-18

📋Vendor Advisories

2
Chrome
Stable Channel Update for Desktop: CVE-2023-12312023-03-07
Cisco
Cisco SD-WAN vManage Information Disclosure Vulnerability2021-03-03
CVE-2021-1232 (MEDIUM CVSS 6.5) | A vulnerability in the web-based ma | cvebase.io