CVE-2021-1528

CWE-2504 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 82.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst Sd-wan Manager Cisco Sd-wan Vbond Orchestrator Cisco Vedge 1000 Firmware +9 more

Timeline

PublishedJun 4

Latest updateMay 24

Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

▶NVDcisco/vsmart_controller20.4 — 20.4.2+1

▶NVDcisco/vedge_100_firmware20.4 — 20.4.2+1

▶NVDcisco/vedge_1000_firmware20.4 — 20.4.2+1

▶NVDcisco/vedge_100b_firmware20.4 — 20.4.2+1

▶NVDcisco/vedge_100m_firmware20.4 — 20.4.2+1

🔴Vulnerability Details

GHSA

GHSA-cpmx-5wrq-wv6m: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system↗2022-05-24

▶

CVEList

Cisco SD-WAN Software Privilege Escalation Vulnerability↗2021-06-04

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN Software Privilege Escalation Vulnerability↗2021-06-02

▶