CVE-2021-1465

CWE-20Improper Input ValidationCWE-22Path Traversal4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.9%
top 24.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Catalyst Sd-wan ManagerCisco Catalyst Sd-wan Manager
Timeline
PublishedNov 18

Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/catalyst_sd-wan_manager39 versions+38
CVEListV5cisco/cisco_catalyst_sd-wan_manager39 versions+38

🔴Vulnerability Details

2
GHSA
GHSA-p966-47mp-f6w3: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a dire2024-11-18
CVEList
CVE-2021-1465: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a dire2024-11-18

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Directory Traversal Vulnerability2021-03-03
CVE-2021-1465 (MEDIUM CVSS 4.3) | A vulnerability in the web-based ma | cvebase.io