CVE-2021-1515

CWE-284Improper Access Control4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 80.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan VmanageCisco Cisco Sd-wan Vmanage
Timeline
PublishedMay 6
Latest updateMay 24

Description

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device that is managed in the multi-tenant environment could exploit this vulnerability by sending a request to an affected API endpoint on the vManage system. A successful exploit could allow

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/sd-wan_vmanage< 20.4.1

🔴Vulnerability Details

2
GHSA
GHSA-q83x-g9vq-2w7p: A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information2022-05-24
CVEList
Cisco SD-WAN vManage Information Disclosure Vulnerability2021-05-06

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Information Disclosure Vulnerability2021-05-05
CVE-2021-1515 (MEDIUM CVSS 4.3) | A vulnerability in Cisco SD-WAN vMa | cvebase.io