CVE-2021-1535Exposure of Sensitive System Information to an Unauthorized Control Sphere in Cisco Sd-wan Vmanage

CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 46.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan VmanageCisco Sd-wan Vmanage
Timeline
PublishedMay 6
Latest updateMay 24

Description

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster manage

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/sd-wan_vmanage< 20.5.1

🔴Vulnerability Details

2
GHSA
GHSA-w33v-4593-fj4h: A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive2022-05-24
CVEList
Cisco SD-WAN vManage Information Disclosure Vulnerability2021-05-06

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Information Disclosure Vulnerability2021-05-05
CVE-2021-1535 — Cisco Sd-wan Vmanage vulnerability | cvebase