CVE-2021-1468

CWE-20Improper Input ValidationCWE-287Improper AuthenticationCWE-862Missing AuthorizationCWE-863Incorrect Authorization4 documents4 sources
Severity
9.8CRITICAL
EPSS
2.6%
top 14.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Catalyst Sd-wan ManagerCisco Sd-wan VmanageCisco Cisco Sd-wan Vmanage
Timeline
PublishedMay 6
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDcisco/sd-wan_vmanage< 20.3.3
NVDcisco/catalyst_sd-wan_manager20.420.4.1+1

🔴Vulnerability Details

2
GHSA
GHSA-77ww-5vqp-x7vx: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to2022-05-24
CVEList
Cisco SD-WAN vManage Software Vulnerabilities2021-05-06

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Software Vulnerabilities2021-05-05
CVE-2021-1468 (CRITICAL CVSS 9.8) | Multiple vulnerabilities in Cisco S | cvebase.io