CVE-2021-1614

CWE-126 — Buffer Over-read4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.5%

top 32.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Sd-wan Cisco Cisco Sd-wan Solution

Timeline

PublishedJul 22

Latest updateMay 24

Description

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Softwa…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/sd-wan18.4.0 — 18.4.6+4

▶CVEListV5cisco/cisco_sd-wan_solutionn/a

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-8m79-xg2c-ggjm: A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote a↗2022-05-24

▶

CVEList

Cisco SD-WAN Software Information Disclosure Vulnerability↗2021-07-22

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN Software Information Disclosure Vulnerability↗2021-07-21

▶