Cisco SD-WAN vManage Software Vulnerability
CVE-2021-1483

6.4 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 15 November 2024

Summary

A security flaw in the web UI of Cisco SD-WAN vManage Software could allow an authenticated remote attacker to access and manipulate sensitive information stored on the system. The vulnerability arises from improper handling of XML External Entity (XXE) entries when the software parses certain XML files. An attacker could exploit this weakness by convincing a user to import a specially crafted XML file containing malicious entries. A successful exploit could enable the attacker to read and modify files within the affected application. Cisco has issued software updates that fix this issue; no workarounds are available.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
