Vulnerability Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Sd-Wan Firmware | < 18.4.3 |
| Cisco | Vedge 100 Router | - |
| Cisco | Vedge 1000 Router | - |
| Cisco | Vedge 100B Router | - |
| Cisco | Vedge 100M Router | - |
| Cisco | Vedge 100Wm Router | - |
| Cisco | Vedge 2000 Router | - |
| Cisco | Vedge 5000 Router | - |
| Cisco | Vedge Cloud Router | - |
| Cisco | Catalyst Sd-Wan Manager | - |
| Cisco | Sd-Wan Vbond Orchestrator | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
FAQ
What is CVE-2021-1233?
CVE-2021-1233 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input v...
How severe is CVE-2021-1233?
CVE-2021-1233 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-1233?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sd-Wan Firmware, Cisco Vedge 100 Router, Cisco Vedge 1000 Router, Cisco Vedge 100B Router, Cisco Vedge 100M Router.