CVE-2021-1466

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 50.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Catalyst Sd-wan Manager Cisco Catalyst Sd-wan Manager

Timeline

PublishedNov 15

Description

A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete bounds checks for data that is provided to the vDaemon service of an affected system. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on the affected system. A successful exploit could all…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDcisco/catalyst_sd-wan_manager38 versions+37

▶CVEListV5cisco/cisco_catalyst_sd-wan_manager38 versions+37

🔴Vulnerability Details

GHSA

GHSA-v999-55fc-w9ww: A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an↗2024-11-15

▶

CVEList

Cisco SD-WAN vDaemon Buffer Overflow Vulnerability↗2024-11-15

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN vDaemon Buffer Overflow Vulnerability↗2021-03-03

▶