Vulnerability in Image Signature Verification Feature Could Allow Attackers to Install Malware
CVE-2021-1461

4.9MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Catalyst Sd-wan Manager
Cisco Sd-wan Vedge Router
Vendor
CVE Published:
18 November 2024

Summary

A vulnerability exists in the Image Signature Verification feature of Cisco SD-WAN Software, enabling an authenticated remote attacker with Administrator-level credentials to exploit this flaw. The root cause of the issue is the improper verification of digital signatures for software patch images. This manipulation allows an attacker to create an unsigned software patch that can bypass the necessary signature checks, leading to the potential installation of a malicious software patch image on the affected device. As a result, successful exploitation could permit unauthorized actions on the system unless addressed through the software updates provided by Cisco, as there are no viable workarounds for this security flaw.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

Cisco Catalyst SD-WAN Manager 19.3.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...
https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.