Details of VAR-202103-1606

ID

VAR-202103-1606

CVE

CVE-2021-1232

TITLE

Cisco Systems Cisco Catalyst SD-WAN Manager Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021890

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Catalyst SD-WAN Manager There are vulnerabilities in inadequate protection of credentials.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-1232 // JVNDB: JVNDB-2021-021890

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.7	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.0.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.302	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.099	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.501_es	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.7	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.303	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.8	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.31	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.098	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.6.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.0.1a	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.10	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.12	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.2.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.097	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.0.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.3.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.1.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.929	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.9	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.8	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.8	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.6.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.1.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.4.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.2.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.10	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.6	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.7	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.5	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.5	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.6	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.3	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.7	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.9	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.3.1	Trust: 0.8

sources: JVNDB: JVNDB-2021-021890 // NVD: CVE-2021-1232

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2021-1232
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2021-021890
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202103-310
value:	MEDIUM
Trust: 0.6

psirt@cisco.com:	CVE-2021-1232
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-021890
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-021890 // CNNVD: CNNVD-202103-310 // NVD: CVE-2021-1232

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-021890 // NVD: CVE-2021-1232

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-310

PATCH

title:	cisco-sa-sdwanvman-infodis1-YuQScHB	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB	Trust: 0.8
title:	Cisco SD-WAN vManage Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143411	Trust: 0.6

sources: JVNDB: JVNDB-2021-021890 // CNNVD: CNNVD-202103-310

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1232	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-021890	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0776	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-310	Trust: 0.6

sources: JVNDB: JVNDB-2021-021890 // CNNVD: CNNVD-202103-310 // NVD: CVE-2021-1232

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ipphone-rce-dos-u2psskz3	Trust: 1.0
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-snort-ethernet-dos-hgxgjh8n	Trust: 1.0
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-distupd-n87eb6z3	Trust: 1.0
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwanvman-infodis1-yuqschb	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1232	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwanvman-infodis1-yuqschb	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0776	Trust: 0.6

sources: JVNDB: JVNDB-2021-021890 // CNNVD: CNNVD-202103-310 // NVD: CVE-2021-1232

SOURCES

db:	JVNDB	id:	JVNDB-2021-021890
db:	CNNVD	id:	CNNVD-202103-310
db:	NVD	id:	CVE-2021-1232

LAST UPDATE DATE

2025-08-06T22:57:08.037000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-021890	date:	2025-08-05T05:10:00
db:	CNNVD	id:	CNNVD-202103-310	date:	2021-03-05T00:00:00
db:	NVD	id:	CVE-2021-1232	date:	2025-08-04T14:44:23.590

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-021890	date:	2025-08-05T00:00:00
db:	CNNVD	id:	CNNVD-202103-310	date:	2021-03-03T00:00:00
db:	NVD	id:	CVE-2021-1232	date:	2024-11-18T16:15:08.567