Cisco SD-WAN vManage Software Vulnerability Could Lead to Sensitive Information Access
CVE-2021-1482

6.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Catalyst Sd-wan Manager
Vendor: CVE Published:; 15 November 2024

Summary

A vulnerabilities exists in the web-based management interface of Cisco SD-WAN vManage Software, which can be exploited by an authenticated remote attacker. This vulnerability arises from inadequate authorization checks that allow attackers to send specially crafted HTTP requests to the management interface. Successful exploitation enables attackers to bypass necessary authorization and obtain sensitive information from the system. To mitigate this issue, Cisco has issued software updates, with no alternative workarounds available for affected systems.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 13, 2020