Cisco SD-WAN vManage Software Vulnerability Could Lead to Denial of Service

CVE-2021-1484

6.5MEDIUM

Key Information

Vendor: Cisco
Status: Cisco Catalyst Sd-wan Manager
Vendor: CVE Published:; 15 November 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper input validation of user-supplied input to the device template configuration. An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to cause a DoS condition on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Version(s)

Cisco Catalyst SD-WAN Manager = 20.1.12

Cisco Catalyst SD-WAN Manager = 19.2.1

Cisco Catalyst SD-WAN Manager = 18.4.4

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 15, 2024
Vulnerability Reserved.
Nov 13, 2020
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database