CVE-2021-1261

CWE-20Improper Input ValidationCWE-77Command Injection7 documents6 sources
Severity
7.8HIGH
EPSS
1.3%
top 20.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Sd-wan SolutionCisco Sd-wan Firmware
Timeline
PublishedJan 20
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan_firmware7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-fchc-r69w-44gq: Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected devic2022-05-24
CVEList
Cisco SD-WAN Command Injection Vulnerabilities2021-01-20

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Command Injection Vulnerabilities2021-01-20

💬Community

1
Bugzilla
CVE-2020-15389 openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor2020-07-01
CVE-2021-1261 (HIGH CVSS 7.8) | Multiple vulnerabilities in Cisco S | cvebase.io