PT-2021-3257 · Cisco · Cisco Sd-Wan Vmanage

Published: 2021-05-05 · Updated: 2022-10-21 · CVE-2021-1515

CVSS v3.1: 4.3 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified)

Description: The issue is related to insufficient access control in the Cisco SD-WAN vManage web interface, allowing a remote attacker to gain unauthorized access to protected information by sending specially crafted requests. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device managed in the multi-tenant environment could exploit this vulnerability by sending a request to an affected API endpoint on the vManage system, potentially gaining access to sensitive information, including hashed credentials that could be used in future attacks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2021-02990
CVE-2021-1515

Affected Products

Cisco Sd-Wan Vmanage