CVE-2021-1546

MEDIUM

Cisco SD-WAN Software - Authenticated Sensitive Information Disclosure via CLI File Access

Title source: llm

Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 35.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-209

Status published

Products (12)

cisco/catalyst_sd-wan_manager 18.4 - 20.4.2

cisco/sd-wan_vbond_orchestrator 18.4 - 20.4.2

cisco/sd-wan_vmanage 20.5 - 20.5.2

cisco/vedge_1000_firmware 18.4 - 20.4.2

cisco/vedge_100_firmware 18.4 - 20.4.2

cisco/vedge_100b_firmware 18.4 - 20.4.2

cisco/vedge_100m_firmware 18.4 - 20.4.2

cisco/vedge_100wm_firmware 18.4 - 20.4.2

cisco/vedge_2000_firmware 18.4 - 20.4.2

cisco/vedge_5000_firmware 18.4 - 20.4.2

... and 2 more

Published Sep 23, 2021

Tracked Since Feb 18, 2026