Cisco SD-WAN vManage Software Vulnerability Allows Bypass of Authorization Checking
CVE-2021-1464

5 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 15 November 2024

Summary

A vulnerability in Cisco SD-WAN vManage Software enables an authenticated, remote attacker to bypass authorization checks, potentially granting them restricted access to configuration information on the affected system. This issue arises from inadequate input validation for certain commands. An attacker may exploit this vulnerability by crafting specific requests directed at the vulnerable commands. If successful, the exploit allows unauthorized access to sensitive configuration data, exposing the system to further risks. Cisco has addressed this vulnerability through software updates, and no workarounds are available.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
