CVE-2021-1301Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Sd-wan Solution

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input ValidationCWE-120Classic Buffer Overflow6 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 24.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan SolutionCisco Sd-wan Firmware
Timeline
PublishedJan 20
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan_firmware4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-75jh-gcr9-74rj: Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device2022-05-24
CVEList
Cisco SD-WAN Buffer Overflow Vulnerabilities2021-01-20

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Buffer Overflow Vulnerabilities2021-01-20

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System2021-07-26
Talos
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System2021-07-26
CVE-2021-1301 — Cisco Sd-wan Solution vulnerability | cvebase