CVE-2021-1508 — Improper Input Validation in Cisco Catalyst Sd-wan Manager

CWE-20 — Improper Input Validation CWE-862 — Missing Authorization CWE-863 — Incorrect Authorization4 documents4 sources

Severity

8.8HIGHNVD

CNA9.8

EPSS

1.1%

top 22.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst Sd-wan Manager Cisco Sd-wan Vmanage Cisco Sd-wan Vmanage

Timeline

PublishedMay 6

Latest updateMay 24

Description

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDcisco/sd-wan_vmanage20.3 — 20.3.3+1

▶CVEListV5cisco/cisco_sd-wan_vmanagen/a

▶NVDcisco/catalyst_sd-wan_manager20.4 — 20.4.1+1

🔴Vulnerability Details

GHSA

GHSA-52g8-5ch7-w2hq: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to↗2022-05-24

▶

CVEList

Cisco SD-WAN vManage Software Vulnerabilities↗2021-05-06

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN vManage Software Vulnerabilities↗2021-05-05

▶