CVE-2021-1470: Improper Input Validation in Cisco Catalyst SD-WAN Manager

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.1% (top 82.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 15

Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return val

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/catalyst_sd-wan_manager, 49 versions
CVEListV5: cisco/cisco_catalyst_sd-wan_manager, 49 versions

🔴 Vulnerability Details (2)

CVEList (2024-11-15): Cisco SD-WAN SQL Injection Vulnerability
GHSA (2024-11-15): GHSA-j74h-4p4v-6fp3: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL in

📋 Vendor Advisories (1)

Cisco (2021-03-03): Cisco SD-WAN vManage SQL Injection Vulnerability