CVE-2021-1298

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN products (affected versions not specified)

Description The issue concerns multiple vulnerabilities in Cisco SD-WAN products that could allow an authenticated attacker to perform command injection attacks against an affected device. This could enable the attacker to take certain actions with root privileges on the device. Specifically, the vulnerability in the vAnalytics function of the Cisco SD-WAN solution is related to insufficient input validation, which could allow a remote attacker to impact data integrity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.