History: Jan 20, 2021 - 8:11 p.m.

CVE-2021-1225 Cisco SD-WAN vManage SQL Injection Vulnerabilities

2021-01-20 20:11:14
CWE-89
cisco
www.cve.org
9
cisco, sd-wan, vmanage, sql injection, vulnerabilities, web-based management, remote attacker, sql queries, exploit, database

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score: 9.9
Confidence: High

EPSS: 0.001
Percentile: 46.8%

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.

CNA Affected

[
  {
    "product": "Cisco SD-WAN vManage",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
