Cisco SD-WAN vManage Software Vulnerability
CVE-2021-1234

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Catalyst Sd-wan Manager
Vendor: CVE Published:; 18 November 2024

Summary

A vulnerability exists in the cluster management interface of Cisco SD-WAN vManage Software, potentially enabling remote attackers to access sensitive information without authentication. This issue arises from the lack of proper authentication mechanisms within the cluster management interface, specifically when the software operates in cluster mode. By sending specially crafted requests, an attacker may retrieve confidential data, posing significant security risks to the affected systems. Cisco has made software updates available to rectify this issue, and it is critical to apply these updates as there are currently no effective workarounds to mitigate the risk.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Nov 13, 2020