CVE-2021-1481

CWE-943Improper Neutralization of Special Elements in Data Query Logic4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 73.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Catalyst Sd-wan ManagerCisco Catalyst Sd-wan Manager
Timeline
PublishedNov 15

Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/catalyst_sd-wan_manager64 versions+63
CVEListV5cisco/cisco_catalyst_sd-wan_manager64 versions+63

🔴Vulnerability Details

2
CVEList
Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability2024-11-15
GHSA
GHSA-6fj3-23hj-67pw: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher2024-11-15

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability2021-04-21
CVE-2021-1481 (MEDIUM CVSS 4.3) | A vulnerability in the web-based ma | cvebase.io