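According to its self-reported version, Cisco SD-WAN Viptela Software on the remote vManage device is affected by a command injection vulnerability (CVE-2021-1484). Improper validation of user-supplied input to the device template configuration in the web UI could allow an authenticated, remote attacker to inject arbitrary commands and cause a denial of service (DoS) condition. This finding rests only on comparing the reported version against the plugin's fixed version (20.5.1) on vManage models; the check shown does not exercise the flaw itself, so confirm the installed release before prioritising. Please see the included Cisco bug ID (CSCvw93086) and Cisco Security Advisory (cisco-sa-vman-cmdinj-nRHKgfHX) for more information.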
{"id": "CISCO-SA-VMAN-CMDINJ-NRHKGFHX.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Cisco SD-WAN vManage Command Injection (cisco-sa-vman-cmdinj-nRHKgfHX)", "description": "According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information.", "published": "2021-04-23T00:00:00", "modified": "2022-01-26T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/148959", "reporter": "This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?c7dcde31", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1484", "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw93086"], "cvelist": ["CVE-2021-1484"], "immutableFields": [], "lastseen": "2023-05-19T15:08:12", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-VMAN-CMDINJ-NRHKGFHX"]}]}, "score": {"value": 1.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cisco", "idList": ["CISCO-SA-VMAN-CMDINJ-NRHKGFHX"]}, {"type": "cve", "idList": ["CVE-2021-1484"]}, {"type": "nessus", "idList": ["CISCO_VEDGE_DETECT.NBIN"]}]}, "exploitation": null, "vulnersScore": 1.2}, "_state": {"dependencies": 1684522156, "score": 1684509668, "epss": 0}, "_internal": {"score_hash": "360b771b376c7ed259da1dd99d7927f1"}, "pluginID": "148959", "sourceData": "#TRUSTED 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\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148959);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-1484\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvw93086\");\n script_xref(name:\"CISCO-SA\", 
value:\"cisco-sa-vman-cmdinj-nRHKgfHX\");\n script_xref(name:\"IAVA\", value:\"2021-A-0188-S\");\n\n script_name(english:\"Cisco SD-WAN vManage Command Injection (cisco-sa-vman-cmdinj-nRHKgfHX)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. Please see the\nincluded Cisco BIDs and Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7dcde31\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw93086\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvw93086\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1484\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(88);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:sd-wan_vmanage\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:sd-wan_firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_vedge_detect.nbin\");\n script_require_keys(\"Cisco/Viptela/Version\");\n\n exit(0);\n}\n\ninclude('ccf.inc');\n\nproduct_info = cisco::get_product_info(name:'Cisco Viptela');\n\nif (tolower(product_info['model']) !~ \"vmanage\")\n audit(AUDIT_HOST_NOT, 'an affected model');\n\nvuln_ranges = [\n { 'min_ver' : '0.0', 'fix_ver' : '20.5.1' }\n];\n\n \nreporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_WARNING,\n 'bug_id' , 'CSCvw93086',\n 'version' , product_info['version'],\n 'disable_caveat', TRUE\n);\n\ncisco::check_and_report(\n product_info:product_info,\n vuln_ranges:vuln_ranges,\n reporting:reporting\n);\n", "naslFamily": "CISCO", "cpe": ["cpe:/a:cisco:sd-wan_vmanage", "cpe:/o:cisco:sd-wan_firmware"], "solution": "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvw93086", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-1484", "vendor_cvss2": {"score": 6.8, "vector": "CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"}, "vendor_cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "vpr": {}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-04-21T00:00:00", "vulnerabilityPublicationDate": "2021-04-21T00:00:00", "exploitableWith": []}
{"cisco": [{"lastseen": "2022-12-22T12:15:13", "description": "A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition.\n\nThis vulnerability is due to improper input validation of user-supplied input to the device template configuration. An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to cause a DoS condition on the affected system.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX\"]", "cvss3": {}, "published": "2021-04-21T16:00:00", "type": "cisco", "title": "Cisco SD-WAN vManage Command Injection Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-1484"], "modified": "2021-04-21T16:00:00", "id": "CISCO-SA-VMAN-CMDINJ-NRHKGFHX", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX", "cvss": {"score": 6.5, "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}}], "cve": [{"lastseen": "2022-02-25T11:31:23", "description": "This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.", "cvss3": {}, "published": "2022-02-25T11:31:23", "type": "cve", "title": "CVE-2021-1484", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-1484"], "modified": "2022-02-25T11:31:23", "cpe": [], "id": "CVE-2021-1484", "href": "", "cvss": {}, "cpe23": []}]}