Cisco SD-WAN vManage Software Vulnerability Allows Directory Traversal and Sensitive File Access
CVE-2021-1465
4.3MEDIUM
What is CVE-2021-1465?
A vulnerability exists in the web-based management interface of Cisco SD-WAN vManage Software, allowing an authenticated remote attacker to exploit insufficient validation of HTTP requests. By sending specifically crafted HTTP requests that include directory traversal character sequences, an attacker could navigate through the file system and gain unauthorized read access to sensitive files on the affected system. This vulnerability highlights the critical need for reinforced security measures in web management interfaces to prevent unauthorized file access and potential system compromise.
Affected Version(s)
Cisco Catalyst SD-WAN Manager 17.2.6
Cisco Catalyst SD-WAN Manager 17.2.7
Cisco Catalyst SD-WAN Manager 17.2.8