Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-1438
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco Wide Area Application Services Software Information Disclosure Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
将资源暴露给错误范围
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Wide Area Application Services 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Wide Area Application Services是美国思科(Cisco)公司的一个应用系统。用于协同工作以优化网络上的TCP流量。 Cisco Wide Area Application Services (WAAS) Software 存在安全漏洞,该漏洞源于用户可以在CLI中执行的特定命令的不正确输入验证和授权。攻击者可利用该漏洞读取他们最初没有访问权限的任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
CiscoCisco Wide Area Application Services (WAAS) n/a -
II. Public POCs for CVE-2021-1438
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-1438
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Cisco Wide Area Application Services (WAAS)
Same vendor: Cisco
Same weakness: CWE-668
V. Comments for CVE-2021-1438

No comments yet

Leave a comment