PT-2021-1802 · Cisco · Cisco Sd-Wan

James Spadaro

Published

2021-01-20

Updated

2024-06-10

CVE-2021-1262

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN products (affected versions not specified)

Description: The issue is related to multiple vulnerabilities in Cisco SD-WAN products that could allow an authenticated attacker to perform command injection attacks against an affected device. This could enable the attacker to take certain actions with root privileges on the device. The vulnerability is also associated with insufficient input validation in the command-line interface (CLI), which could allow an attacker to gain unauthorized access to protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-20

Related Identifiers

BDU:2021-00555

CVE-2021-1262

Affected Products

Cisco Sd-Wan

PT-2021-1802 · Cisco · Cisco Sd-Wan

CVE-2021-1262

Weakness Enumeration

Related Identifiers

Affected Products

References · 6