CVE-2021-1461

CWE-3474 documents4 sources

Severity

4.9MEDIUM

EPSS

0.0%

top 89.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Catalyst Sd-wan Manager Cisco Cisco Sd-wan Vedge Router

Timeline

PublishedNov 18

Description

A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_sd-wan_vedge_router38 versions+37

▶CVEListV5cisco/cisco_catalyst_sd-wan_manager41 versions+40

🔴Vulnerability Details

GHSA

GHSA-pv55-c55f-33qw: A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-↗2024-11-18

▶

CVEList

Cisco SD-WAN Software Signature Verification Bypass Vulnerability↗2024-11-18

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN Software Signature Verification Bypass Vulnerability↗2021-03-03

▶