PT-2021-2972 · Cisco · Cisco Sd-Wan Vmanage

Published

2021-05-05

Updated

2021-05-14

CVE-2021-1535

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description The issue is related to privilege management errors in the cluster management interface of Cisco SD-WAN, which could allow a remote attacker to gain unauthorized access to sensitive information. The vulnerability is due to the lack of authentication for sensitive information in the cluster management interface. An attacker could exploit this by sending a crafted request to the interface, potentially allowing them to view sensitive information on the affected system. The system must be in cluster mode to be affected by this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-497CWE-285

Related Identifiers

BDU:2021-02559

CVE-2021-1535

Affected Products

Cisco Sd-Wan Vmanage

PT-2021-2972 · Cisco · Cisco Sd-Wan Vmanage

CVE-2021-1535

Weakness Enumeration

Related Identifiers

Affected Products

References · 5