VDB
CVE-2021-1546
CVE-2021-1546
PUBLISHED
CVSS 5.5 MEDIUM
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.
EPSS 0.15% · 35.9th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.15%
35.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | vedge_cloud_firmware | 20.5, 18.4, 20.6 |
| cisco | sd-wan_vmanage | 20.5 |
| cisco | vedge_1000_firmware | 20.6, 20.5, 18.4 |
| Cisco | Cisco SD-WAN Solution | n/a |
| cisco | vsmart_controller_firmware | 18.4, 20.6, 20.5 |
| cisco | vedge_5000_firmware | 20.6, 18.4, 20.5 |
| cisco | sd-wan_vbond_orchestrator | 20.5, 20.6, 18.4 |
| cisco | catalyst_sd-wan_manager | 20.6, 18.4 |
| cisco | vedge_100b_firmware | 20.6, 18.4, 20.5 |
| cisco | vedge_100wm_firmware | 18.4, 20.6, 20.5 |
| cisco | vedge_2000_firmware | 20.5, 18.4, 20.6 |
| cisco | vedge_100m_firmware | 20.5, 18.4, 20.6 |
| cisco | vedge_100_firmware | 20.5, 18.4, 20.6 |
Exploit Intelligence
Timeline
- Apr 13, 2021 CVE Published
- Sep 23, 2021 EPSS Score
- Oct 5, 2021 EPSS Score
- Oct 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 15, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 14, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 6, 2022 EPSS Score
- Sep 2, 2022 EPSS Score
- Oct 29, 2022 EPSS Score