CVE-2021-1259

CWE-22Path TraversalCWE-400Uncontrolled Resource ConsumptionCWE-770Allocation without Limits7 documents6 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 52.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan VmanageCisco Cisco Sd-wan Vmanage
Timeline
PublishedJan 20
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the atta

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/sd-wan_vmanage< 18.2.0

🔴Vulnerability Details

2
GHSA
GHSA-qc69-r7wf-6p6c: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path t2022-05-24
CVEList
Cisco SD-WAN vManage Software Path Traversal Vulnerability2021-01-20

📋Vendor Advisories

2
Red Hat
undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)2022-04-06
Cisco
Cisco SD-WAN vManage Software Path Traversal Vulnerability2021-01-20

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Use-after-free vulnerability in Microsoft Excel could lead to code execution2021-10-12
Talos
Vulnerability Spotlight: Use-after-free vulnerability in Microsoft Excel could lead to code execution2021-10-12
CVE-2021-1259 (MEDIUM CVSS 6.5) | A vulnerability in the web-based ma | cvebase.io