CVE-2021-1284 — Improper Access Control in Cisco Catalyst Sd-wan Manager
Severity
8.8HIGHNVD
GHSA2.5
EPSS
0.1%
top 77.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 6
Latest updateMay 24
Description
A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-…
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages3 packages
🔴Vulnerability Details
5GHSA▶
GHSA-5frf-w38r-8j6h: A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to byp↗2022-05-24
📋Vendor Advisories
7Microsoft▶
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient valida↗2021-11-09
Red Hat▶
kernel: data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c↗2021-07-03