{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T03:59:22.789","vulnerabilities":[{"cve":{"id":"CVE-2021-1145","sourceIdentifier":"psirt@cisco.com","published":"2021-01-13T22:15:14.803","lastModified":"2024-11-21T05:43:41.293","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device."},{"lang":"es","value":"Una vulnerabilidad en los Enrutadores Secure FTP (SFTP) de Cisco StarOS para Cisco ASR 5000 Series, podría permitir a un atacante autenticado remoto leer archivos arbitrarios en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debería tener credenciales válidas en el dispositivo afectado. La vulnerabilidad es debido al manejo no seguro de enlaces simbólicos. Un atacante podría explotar esta vulnerabilidad mediante el envío de un comando SFTP diseñado hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante leer archivos arbitrarios en el dispositivo afectado."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-61"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*","versionEndExcluding":"21.19.7","matchCriteriaId":"63993C7F-3FE3-4095-A896-2109DEE40D1C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*","matchCriteriaId":"746254AC-B039-432C-AA5C-A82260E57AD7"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*","matchCriteriaId":"301681DF-2A9E-4A91-9918-4A46153ADC01"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*","matchCriteriaId":"A9EF0299-16A7-446D-855D-BFF91EE65534"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}