Cisco SD-WAN vManage Software Vulnerability Could Lead to Denial of Service
CVE-2021-1484
6.5 MEDIUM
Summary
A vulnerability in the web UI of Cisco SD-WAN vManage Software enables an authenticated, remote attacker to inject arbitrary commands into the device template configuration. This issue arises from improper input validation of user-supplied data. By exploiting this weakness through crafted input, an attacker can potentially induce a denial of service condition on the impacted system, disrupting service availability. Cisco has released software updates to remediate this vulnerability, with no alternative workarounds available.
Affected Version(s)
Cisco Catalyst SD-WAN Manager 20.1.12
Cisco Catalyst SD-WAN Manager 19.2.1
Cisco Catalyst SD-WAN Manager 18.4.4
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved