CVE-2021-1479 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Catalyst Sd-wan Manager

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-250 — Execution with Unnecessary Privileges CWE-269 — Improper Privilege Management4 documents4 sources

Severity

9.8CRITICALNVD

CNA7.8

EPSS

2.6%

top 14.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst Sd-wan Manager Cisco Sd-wan Vmanage Cisco Sd-wan Solution

Timeline

PublishedApr 8

Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDcisco/sd-wan_vmanage19.3 — 20.3.3+1

▶NVDcisco/catalyst_sd-wan_manager20.4 — 20.4.1

▶CVEListV5cisco/cisco_sd-wan_solutionn/a

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-v6q9-8hrp-frq5: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authen↗2022-05-24

▶

CVEList

Cisco SD-WAN vManage Software Vulnerabilities↗2021-04-08

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN vManage Software Vulnerabilities↗2021-04-07

▶