CVE-2021-1486Observable Discrepancy in Cisco Catalyst Sd-wan Manager

CWE-203Observable Discrepancy4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 41.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Catalyst Sd-wan ManagerCisco Sd-wan VmanageCisco Sd-wan Vmanage
Timeline
PublishedMay 6
Latest updateMay 24

Description

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDcisco/sd-wan_vmanage< 20.3.3
NVDcisco/catalyst_sd-wan_manager20.420.4.1

🔴Vulnerability Details

2
GHSA
GHSA-q9x7-rrj5-j549: A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts2022-05-24
CVEList
Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability2021-05-06

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability2021-05-05
CVE-2021-1486 — Observable Discrepancy in Cisco | cvebase