PT-2021-1865 · Cisco · Cisco Sd-Wan

Alex Lumsden

Published

2021-01-20

Updated

2023-10-06

CVE-2021-1299

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN products (affected versions not specified)

Description The issue is related to multiple vulnerabilities in Cisco SD-WAN products that could allow an authenticated attacker to perform command injection attacks against an affected device. This could enable the attacker to take certain actions with root privileges on the device. The vulnerability in the vManage web interface is associated with insufficient input validation, which could allow a remote attacker to execute arbitrary commands with elevated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-20

Related Identifiers

BDU:2021-00632

CVE-2021-1299

Affected Products

Cisco Sd-Wan

PT-2021-1865 · Cisco · Cisco Sd-Wan

CVE-2021-1299

Weakness Enumeration

Related Identifiers

Affected Products

References · 5