CVE-2021-1235: Cisco SD-WAN vManage Information Disclosure Vulnerability
First published: Wed Jan 20 2021(Updated: )
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SD-WAN vManage | <19.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-1235?
CVE-2021-1235 is a vulnerability in the CLI of Cisco SD-WAN vManage Software that allows an authenticated local attacker to read sensitive database files on an affected system.
What is the severity of CVE-2021-1235?
The severity of CVE-2021-1235 is medium, with a CVSS score of 5.5.
How does CVE-2021-1235 affect Cisco SD-WAN vManage Software?
CVE-2021-1235 affects Cisco SD-WAN vManage Software by allowing an authenticated local attacker to read sensitive database files on an affected system.
How can an attacker exploit CVE-2021-1235?
An attacker can exploit CVE-2021-1235 by accessing the vshell of an affected system.
Is there a fix for CVE-2021-1235?
Yes, Cisco has released software updates to address CVE-2021-1235. Please refer to the Cisco Security Advisory for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco sd-wan vmanage