CVE-2021-1482

CWE-20Improper Input Validation4 documents4 sources
Severity
6.4MEDIUM
EPSS
0.1%
top 79.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Catalyst Sd-wan ManagerCisco Catalyst Sd-wan Manager
Timeline
PublishedNov 15

Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorizati

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 3.1 | Impact: 2.7

Affected Packages2 packages

NVDcisco/catalyst_sd-wan_manager64 versions+63
CVEListV5cisco/cisco_catalyst_sd-wan_manager64 versions+63

🔴Vulnerability Details

2
GHSA
GHSA-922x-h9px-jp85: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authori2024-11-15
CVEList
Cisco SD-WAN vManage Authorization Bypass Vulnerability2024-11-15

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Authorization Bypass Vulnerability2021-04-21
CVE-2021-1482 (MEDIUM CVSS 6.4) | A vulnerability in the web-based ma | cvebase.io