Lucene search

[email protected]CVE-2021-1514

HistoryMay 06, 2021 - 1:15 p.m.

CVE-2021-1514

2021-05-0613:15:00

CWE-78

[email protected]

web.nvd.nist.gov

cisco

sd-wan

software

vulnerability

cli

authenticated

injection

arbitrary commands

nvd

cve-2021-1514

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.

CPENameOperatorVersion
cisco:sd-wan_vbond_orchestratorcisco sd-wan vbond orchestratorlt18.3
cisco:sd-wan_vbond_orchestratorcisco sd-wan vbond orchestratorlt20.1.1
cisco:sd-wan_vbond_orchestratorcisco sd-wan vbond orchestratorlt20.3.1
cisco:sd-wan_vbond_orchestratorcisco sd-wan vbond orchestratorlt20.4.1
cisco:sd-wan_vbond_orchestratorcisco sd-wan vbond orchestratorlt20.5.1
cisco:sd-wan_vmanagecisco sd-wan vmanagelt18.3
cisco:catalyst_sd-wan_managercisco catalyst sd-wan managerlt20.4.1
cisco:catalyst_sd-wan_managercisco catalyst sd-wan managerlt20.3.1
cisco:catalyst_sd-wan_managercisco catalyst sd-wan managerlt20.5.1
cisco:catalyst_sd-wan_managercisco catalyst sd-wan managerlt20.1.1

CPE	Name	Operator	Version
cisco:sd-wan_vbond_orchestrator	cisco sd-wan vbond orchestrator	lt	18.3
cisco:sd-wan_vbond_orchestrator	cisco sd-wan vbond orchestrator	lt	20.1.1
cisco:sd-wan_vbond_orchestrator	cisco sd-wan vbond orchestrator	lt	20.3.1
cisco:sd-wan_vbond_orchestrator	cisco sd-wan vbond orchestrator	lt	20.4.1
cisco:sd-wan_vbond_orchestrator	cisco sd-wan vbond orchestrator	lt	20.5.1
cisco:sd-wan_vmanage	cisco sd-wan vmanage	lt	18.3
cisco:catalyst_sd-wan_manager	cisco catalyst sd-wan manager	lt	20.4.1
cisco:catalyst_sd-wan_manager	cisco catalyst sd-wan manager	lt	20.3.1
cisco:catalyst_sd-wan_manager	cisco catalyst sd-wan manager	lt	20.5.1
cisco:catalyst_sd-wan_manager	cisco catalyst sd-wan manager	lt	20.1.1

Rows per page:

1-10 of 601

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2021-1514

prion1 cisco1 nessus1