Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2021-34712
HistorySep 23, 2021 - 3:15 a.m.

CVE-2021-34712

2021-09-2303:15:17
CWE-943
cisco
web.nvd.nist.gov
32
cisco
sd-wan
vmanage
software
vulnerability
cypher query
injection
nvd
cve-2021-34712

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

33.1%

JSON

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.

Affected configurations

Nvd
Node
ciscocatalyst_sd-wan_managerRange20.420.4.2
OR
ciscocatalyst_sd-wan_managerMatch20.5
OR
ciscocatalyst_sd-wan_managerMatch20.6
OR
ciscosd-wan_vmanageRange20.320.3.4
VendorProductVersionCPE
ciscocatalyst_sd-wan_manager*cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
ciscocatalyst_sd-wan_manager20.5cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.5:*:*:*:*:*:*:*
ciscocatalyst_sd-wan_manager20.6cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6:*:*:*:*:*:*:*
ciscosd-wan_vmanage*cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco SD-WAN vManage",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

nessus 1
prion 1
cisco 1
nvd 1
cvelist 1
nessus
nessus
Cisco SD-WAN vManage Software Cypher Query Language Injection (cisco-sa-sd-wan-jOsuRJCc)
2021-09-22 00:00:00
prion
prion
Input validation
2021-09-23 03:15:00
cisco
cisco
Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability
2021-09-22 16:00:00
nvd
nvd
CVE-2021-34712
2021-09-23 03:15:17
cvelist
cvelist
CVE-2021-34712 Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability
2021-09-23 02:26:03

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

33.1%

JSON
Related for CVE-2021-34712
nessus1prion1cisco1nvd1cvelist1