CVE-2021-1480

CWE-119 — Buffer Overflow CWE-20 — Improper Input Validation CWE-250 CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.8HIGH

EPSS

5.3%

top 9.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst Sd-wan Manager Cisco Sd-wan Vmanage Cisco Cisco Sd-wan Solution

Timeline

PublishedApr 8

Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDcisco/sd-wan_vmanage19.3 — 20.3.3+1

▶NVDcisco/catalyst_sd-wan_manager20.4 — 20.4.1

▶CVEListV5cisco/cisco_sd-wan_solutionn/a

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-jcjp-wq4w-2hxj: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authen↗2022-05-24

▶

CVEList

Cisco SD-WAN vManage Software Vulnerabilities↗2021-04-08

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN vManage Software Vulnerabilities↗2021-04-07

▶