CVE-2021-1612
MEDIUMCisco SD-WAN < 17.3.4 - Authenticated Arbitrary File Overwrite via Symbolic Link
Title source: llmDescription
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-GjR5pGOm
Scores
CVSS v3
5.5
EPSS
0.0024
EPSS Percentile
15.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-61
CWE-59
Status
published
Products (1)
cisco/sd-wan
< 17.3.4
Published
Sep 23, 2021
Tracked Since
Feb 18, 2026