CVE-2021-1438

CWE-668Exposure to Wrong Sphere4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 85.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Wide Area Application ServicesCisco Cisco Wide Area Application Services (waas)
Timeline
PublishedMay 6
Latest updateMay 24

Description

A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrar

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-cw9v-q2h7-7x99: A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive infor2022-05-24
CVEList
Cisco Wide Area Application Services Software Information Disclosure Vulnerability2021-05-06

📋Vendor Advisories

1
Cisco
Cisco Wide Area Application Services Software Information Disclosure Vulnerability2021-05-05
CVE-2021-1438 (MEDIUM CVSS 5.5) | A vulnerability in Cisco Wide Area | cvebase.io