CVE-2021-1233 — Improper Input Validation in Cisco Sd-wan Firmware

CWE-20 — Improper Input Validation6 documents5 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 81.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Sd-wan Firmware Cisco Sd-wan Solution

Timeline

PublishedJan 20

Latest updateMay 24

Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/sd-wan_firmware< 18.4.3

▶CVEListV5cisco/cisco_sd-wan_solutionn/a

🔴Vulnerability Details

GHSA

GHSA-7p72-85j2-h9fw: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device↗2022-05-24

▶

CVEList

Cisco SD-WAN Information Disclosure Vulnerability↗2021-01-20

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN Information Disclosure Vulnerability↗2021-01-20

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Code execution vulnerability in Adobe Acrobat Reader↗2021-05-11

▶

Talos

Vulnerability Spotlight: Code execution vulnerability in Adobe Acrobat Reader↗2021-05-11

▶