Lucene search

[email protected]NVD:CVE-2021-1305

HistoryJan 20, 2021 - 8:15 p.m.

CVE-2021-1305

2021-01-2020:15:17

CWE-20

CWE-863

[email protected]

web.nvd.nist.gov

cisco

sd-wan

vmanage software

vulnerabilities

web-based management

authorization bypass

configuration modification

sensitive information

remote attacker

authenticated

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

31.7%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

Nvd

Node

ciscoios_xe_sd-wanMatch-

ciscosd-wan_firmwareRange<20.3.2

ciscosd-wan_firmwareMatch20.4.0

ciscosd-wan_vsmart_controller_firmware

AND

ciscovedge_100_routerMatch-

ciscovedge_1000_routerMatch-

ciscovedge_100b_routerMatch-

ciscovedge_100m_routerMatch-

ciscovedge_100wm_routerMatch-

ciscovedge_2000_routerMatch-

ciscovedge_5000_routerMatch-

ciscovedge_cloud_routerMatch-

Node

ciscosd-wan_vbond_orchestratorMatch-

VendorProductVersionCPE
ciscoios_xe_sd-wan-cpe:2.3:o:cisco:ios_xe_sd-wan:-:*:*:*:*:*:*:*
ciscosd-wan_firmware*cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*
ciscosd-wan_firmware20.4.0cpe:2.3:o:cisco:sd-wan_firmware:20.4.0:*:*:*:*:*:*:*
ciscosd-wan_vsmart_controller_firmware*cpe:2.3:o:cisco:sd-wan_vsmart_controller_firmware:*:*:*:*:*:*:*:*
ciscovedge_100_router-cpe:2.3:h:cisco:vedge_100_router:-:*:*:*:*:*:*:*
ciscovedge_1000_router-cpe:2.3:h:cisco:vedge_1000_router:-:*:*:*:*:*:*:*
ciscovedge_100b_router-cpe:2.3:h:cisco:vedge_100b_router:-:*:*:*:*:*:*:*
ciscovedge_100m_router-cpe:2.3:h:cisco:vedge_100m_router:-:*:*:*:*:*:*:*
ciscovedge_100wm_router-cpe:2.3:h:cisco:vedge_100wm_router:-:*:*:*:*:*:*:*
ciscovedge_2000_router-cpe:2.3:h:cisco:vedge_2000_router:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe_sd-wan	-	cpe:2.3:o:cisco:ios_xe_sd-wan:-:::::::*
cisco	sd-wan_firmware	*	cpe:2.3:o:cisco:sd-wan_firmware::::::::
cisco	sd-wan_firmware	20.4.0	cpe:2.3:o:cisco:sd-wan_firmware:20.4.0:::::::*
cisco	sd-wan_vsmart_controller_firmware	*	cpe:2.3:o:cisco:sd-wan_vsmart_controller_firmware::::::::
cisco	vedge_100_router	-	cpe:2.3:h:cisco:vedge_100_router:-:::::::*
cisco	vedge_1000_router	-	cpe:2.3:h:cisco:vedge_1000_router:-:::::::*
cisco	vedge_100b_router	-	cpe:2.3:h:cisco:vedge_100b_router:-:::::::*
cisco	vedge_100m_router	-	cpe:2.3:h:cisco:vedge_100m_router:-:::::::*
cisco	vedge_100wm_router	-	cpe:2.3:h:cisco:vedge_100wm_router:-:::::::*
cisco	vedge_2000_router	-	cpe:2.3:h:cisco:vedge_2000_router:-:::::::*

Rows per page:

1-10 of 131

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

31.7%

JSON

Related for NVD:CVE-2021-1305

prion1 cvelist1 cve1 nessus1 cisco1