Cisco SD-WAN vManage Software Vulnerability Could Lead to Sensitive Information Theft
CVE-2021-1481

4.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Catalyst Sd-wan Manager
Vendor: CVE Published:; 15 November 2024

What is CVE-2021-1481?

A vulnerability exists in the web-based management interface of Cisco SD-WAN vManage Software, allowing an authenticated remote attacker to execute Cypher query language injection attacks. This issue arises from inadequate input validation within the interface. An attacker can exploit this vulnerability by sending specially crafted HTTP requests to the management interface of an affected system, potentially gaining access to sensitive information. Cisco has issued software updates to mitigate this vulnerability, with no alternative workarounds available.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 13, 2020