CVE-2021-1260

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN (affected versions not specified)

Description: The issue is related to insufficient input validation in the command-line interface (CLI) of Cisco SD-WAN, which could allow an attacker to impact the confidentiality and integrity of protected information. It may enable an authenticated attacker to perform command injection attacks against an affected device, potentially allowing the attacker to take certain actions with root privileges on the device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-20

Related Identifiers

BDU:2021-00554

CVE-2021-1260

Affected Products

Cisco Sd-Wan

CVE-2021-1260

Weakness Enumeration

Related Identifiers

Affected Products

References · 4