CVE-2021-34700

Cisco SD-WAN vManage Software Information Disclosure Vulnerability

CVSS 5.5 MEDIUMEPSS 0.3%CWE-522

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

22 Jul 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Cisco · Cisco SD-WAN vManage

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-infdis-LggOP9sE