Cisco SD-WAN vManage Software Vulnerability Allows Elevation of Privileges
CVE-2021-1462

4.4 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 18 November 2024

Summary

A vulnerability in the Command Line Interface (CLI) of Cisco SD-WAN vManage Software allows an authenticated, local attacker to elevate privileges on an affected system. The issue stems from improper privilege assignment within the software. An attacker with a valid Administrator account can log in to the affected system, create a malicious file, and then cause the system to parse this file during future operations. Successful exploitation could give the attacker root privileges, significantly compromising the security of the affected system. Cisco has issued software updates to mitigate this vulnerability, and no alternative workarounds are available.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

CVSS V3.1

Score: 4.4
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
