Information disclosure in Cisco Wide Area Application Services (WAAS)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-1438 |
| CWE-ID | N/A |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco Wide Area Application Services Server applications / Other server solutions |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Exposure of Resource to Wrong Sphere
EUVDB-ID: #VU52905
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1438
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper input validation and authorization of specific commands that a user can execute within the CLI.A local authenticated user can execute a specific set of commands and gain read arbitrary files on the system.
Install updates from vendor's website.
Vulnerable software versionsCisco Wide Area Application Services: 6.4.1 - 6.4.5a 28
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw97364
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
