CVE-2021-1263Improper Input Validation in Cisco Sd-wan Solution

CWE-20Improper Input ValidationCWE-77Command InjectionCWE-22Path Traversal5 documents5 sources
Severity
7.8HIGHNVD
GHSA4.7
EPSS
1.3%
top 20.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan SolutionCisco Sd-wan Firmware
Timeline
PublishedJan 20
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan_firmware7 versions+6

🔴Vulnerability Details

3
GHSA
GHSA-qq6m-6mqj-xgv4: Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected devic2022-05-24
GHSA
Path Traversal in Spring-integration-zip2022-03-18
CVEList
Cisco SD-WAN Command Injection Vulnerabilities2021-01-20

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Command Injection Vulnerabilities2021-01-20
CVE-2021-1263 — Improper Input Validation in Cisco | cvebase