CVE-2021-1299

CWE-20Improper Input ValidationCWE-77Command Injection6 documents5 sources
Severity
8.8HIGH
EPSS
1.1%
top 22.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Sd-wan SolutionCisco Sd-wan Firmware
Timeline
PublishedJan 20
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan_firmware7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-5r3w-7gjv-66pg: Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected devic2022-05-24
CVEList
Cisco SD-WAN Command Injection Vulnerabilities2021-01-20

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Command Injection Vulnerabilities2021-01-20

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple integer overflow vulnerabilities in GPAC Project on Advanced Content2021-08-13
Talos
Vulnerability Spotlight: Multiple integer overflow vulnerabilities in GPAC Project on Advanced Content2021-08-13
CVE-2021-1299 (HIGH CVSS 8.8) | Multiple vulnerabilities in Cisco S | cvebase.io