Cisco SD-WAN Information Disclosure Vulnerability
Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Cisco SD-WAN Software CLI vulnerability allows an authenticated local attacker to read any file via a crafted iperf request.
Vulnerability
Cisco SD-WAN Software (including vBond, vEdge Cloud Routers, vEdge Routers, vManage) prior to Release 18.4.3 contains a vulnerability in the CLI handling of the iperf tool. Due to insufficient input validation, an authenticated local attacker can send a crafted request to iperf that leads to arbitrary file read from the filesystem. [1]
Exploitation
An attacker must have authenticated local access to the affected device. By sending a specially crafted request to the iperf tool, the attacker can exploit the insufficient input validation to read any file from the device's filesystem. [1]
Impact
Successful exploitation allows the attacker to obtain any file from the filesystem, potentially exposing sensitive information such as configuration files, credentials, or other data. [1]
Mitigation
Cisco has released software updates addressing this vulnerability; it is fixed in Cisco SD-WAN Software Release 18.4.3 and later. There are no workarounds. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cisco/Cisco SD-WAN Solution, v5, Range: n/a
Patches
No patches discovered yet.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG (mitre, vendor-advisory, x_refsource_CISCO)