CVE-2021-1302

CWE-20Improper Input ValidationCWE-284Improper Access Control5 documents5 sources
Severity
8.8HIGH
EPSS
0.1%
top 74.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco Sd-wan Vmanage
Timeline
PublishedJan 20
Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-p9q8-fgmv-mq92: Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypas2022-05-24
CVEList
Cisco SD-WAN vManage Authorization Bypass Vulnerabilities2021-01-20

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Authorization Bypass Vulnerabilities2021-01-20

🕵️Threat Intelligence

1
Talos
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System2021-07-26
CVE-2021-1302 (HIGH CVSS 8.8) | Multiple vulnerabilities in the web | cvebase.io