SB2021092420 - Arbitrary File Overwrite in Cisco IOS XE SD-WAN Software
Published: September 24, 2021
Security Bulletin ID
SB2021092420
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) UNIX symbolic link following (CVE-ID: CVE-2021-1612)
The vulnerability allows a local user to overwrite arbitrary files.
The vulnerability exists due to improper access controls on files within the local file system. A local user can place a symbolic link in a specific location and overwrite arbitrary files on an affected device.
Remediation
Install update from vendor's website.