Lucene search

K
cveCiscoCVE-2021-1263
HistoryJan 20, 2021 - 8:15 p.m.

CVE-2021-1263

2021-01-2020:15:15
CWE-77
CWE-20
cisco
web.nvd.nist.gov
46
3
cisco
sd-wan
vulnerability
command injection
root privileges
nvd
cve-2021-1263

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0

Percentile

12.6%

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

Nvd
Node
ciscovedge_100_routerMatch-
OR
ciscovedge_1000_routerMatch-
OR
ciscovedge_100b_routerMatch-
OR
ciscovedge_100m_routerMatch-
OR
ciscovedge_100wm_routerMatch-
OR
ciscovedge_2000_routerMatch-
OR
ciscovedge_5000_routerMatch-
OR
ciscovedge_cloud_routerMatch-
AND
ciscosd-wan_firmwareMatch18.2.0
OR
ciscosd-wan_firmwareMatch18.3.0
OR
ciscosd-wan_firmwareMatch18.3.8
OR
ciscosd-wan_firmwareMatch18.4.6
OR
ciscosd-wan_firmwareMatch19.2.3
OR
ciscosd-wan_firmwareMatch19.2.99
OR
ciscosd-wan_firmwareMatch20.1.0
OR
ciscosd-wan_vsmart_controller_firmware
Node
ciscocatalyst_sd-wan_managerMatch-
OR
ciscosd-wan_vbond_orchestratorMatch-
VendorProductVersionCPE
ciscovedge_100_router-cpe:2.3:h:cisco:vedge_100_router:-:*:*:*:*:*:*:*
ciscovedge_1000_router-cpe:2.3:h:cisco:vedge_1000_router:-:*:*:*:*:*:*:*
ciscovedge_100b_router-cpe:2.3:h:cisco:vedge_100b_router:-:*:*:*:*:*:*:*
ciscovedge_100m_router-cpe:2.3:h:cisco:vedge_100m_router:-:*:*:*:*:*:*:*
ciscovedge_100wm_router-cpe:2.3:h:cisco:vedge_100wm_router:-:*:*:*:*:*:*:*
ciscovedge_2000_router-cpe:2.3:h:cisco:vedge_2000_router:-:*:*:*:*:*:*:*
ciscovedge_5000_router-cpe:2.3:h:cisco:vedge_5000_router:-:*:*:*:*:*:*:*
ciscovedge_cloud_router-cpe:2.3:h:cisco:vedge_cloud_router:-:*:*:*:*:*:*:*
ciscosd-wan_firmware18.2.0cpe:2.3:o:cisco:sd-wan_firmware:18.2.0:*:*:*:*:*:*:*
ciscosd-wan_firmware18.3.0cpe:2.3:o:cisco:sd-wan_firmware:18.3.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 181

CNA Affected

[
  {
    "product": "Cisco SD-WAN Solution",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Social References

More

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0

Percentile

12.6%

Related for CVE-2021-1263