CVE-2021-1481

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description The issue is related to insufficient neutralization of special elements in data requests in the web-based management interface of Cisco SD-WAN vManage Software. This could allow a remote attacker to conduct Cypher query language injection attacks on an affected system, potentially obtaining sensitive information. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this by sending crafted HTTP requests to the interface of an affected system.

Recommendations For all affected versions, update to the latest software version that addresses this vulnerability, as released by Cisco. There are no workarounds that address this vulnerability. As a temporary measure, consider restricting access to the web-based management interface to minimize the risk of exploitation.