CVE-2021-34700

MEDIUM

Cisco Catalyst Sd-wan Manager - Insufficiently Protected Credentials

Title source: rule

Description

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-infdis-LggOP9sE

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 16.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

cisco/catalyst_sd-wan_manager < 20.5.1

cisco/sd-wan_vmanage < 20.4.2

Timeline

Published Jul 22, 2021

Tracked Since Feb 18, 2026