CVE-2021-1438 — Vulnetix

CVE-2021-1438 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.

EPSS 0.05% · 14.6th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.05%

14.6th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Wide Area Application Services (WAAS)	*
cisco	wide_area_application_services	0

Exploit Intelligence

20210505 Cisco Wide Area Application Services Software Information Disclosure Vulnerability (circl)

Timeline

May 6, 2021 CVE Published
May 7, 2021 EPSS Score
Jul 10, 2021 EPSS Score
Sep 10, 2021 EPSS Score
Nov 11, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Mar 15, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 16, 2022 EPSS Score
Jul 18, 2022 EPSS Score
Sep 17, 2022 EPSS Score
Nov 18, 2022 EPSS Score

References

20210505 Cisco Wide Area Application Services Software Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-1438 advisory

Open in Interactive Console →