CVE-2021-34700

CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 83.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Catalyst Sd-wan ManagerCisco Sd-wan VmanageCisco Cisco Sd-wan Vmanage
Timeline
PublishedJul 22
Latest updateMay 24

Description

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged a

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDcisco/sd-wan_vmanage< 20.4.2
NVDcisco/catalyst_sd-wan_manager20.5.020.5.1

🔴Vulnerability Details

2
GHSA
GHSA-m8ph-774q-fv98: A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the unde2022-05-24
CVEList
Cisco SD-WAN vManage Software Information Disclosure Vulnerability2021-07-22

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Software Information Disclosure Vulnerability2021-07-21
CVE-2021-34700 (MEDIUM CVSS 5.5) | A vulnerability in the CLI interfac | cvebase.io