A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device.
This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the file system of the underlying operating system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Metrics
Affected Vendors & Products
References
History
Fri, 15 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 15 Nov 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the file system of the underlying operating system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |
Title | Cisco SD-WAN vManage Software Information Disclosure Vulnerability | |
Weaknesses | CWE-59 | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-11-15T16:25:02.254Z
Updated: 2024-11-15T16:28:58.834Z
Reserved: 2020-11-13T00:00:00.000Z
Link: CVE-2021-1491
Vulnrichment
Updated: 2024-11-15T16:28:53.478Z
NVD
Status : Awaiting Analysis
Published: 2024-11-15T17:15:09.220
Modified: 2024-11-18T17:11:56.587
Link: CVE-2021-1491
Redhat
No data.