VDB

CVE-2021-1232

CVE-2021-1232 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

EPSS 0.17% · 37.9th percentile

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/RL:X/RC:X/E:X
EPSS Score
0.17%
37.9th percentile

Affected Products

VendorProductVersions
ciscocatalyst_sd-wan_manager18.4.303, 17.2.4, 17.2.5
CiscoCisco Catalyst SD-WAN Manager20.1.12, 19.2.1, 18.4.4

Exploit Intelligence

Timeline

  • Nov 18, 2024 CVE Published
  • Nov 18, 2024 CVE Updated
  • Nov 19, 2024 EPSS Score
  • Dec 7, 2024 EPSS Score
  • Dec 25, 2024 EPSS Score
  • Jan 11, 2025 EPSS Score
  • Jan 29, 2025 EPSS Score
  • Feb 15, 2025 EPSS Score
  • Mar 5, 2025 EPSS Score
  • Mar 22, 2025 EPSS Score
  • Apr 9, 2025 EPSS Score
  • Apr 26, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›