First published: Thu Jul 22 2021(Updated: )
A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Catalyst SD-WAN Manager | >=20.5.0<20.5.1 | |
Cisco SD-WAN vManage | <20.4.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-34700.
The title of this vulnerability is 'A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated l…'
The severity of CVE-2021-34700 is medium.
CVE-2021-34700 allows an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system in Cisco SD-WAN vManage Software.
To fix CVE-2021-34700, it is recommended to update the affected Cisco SD-WAN vManage Software to version 20.5.1 or higher.