First published: Thu Apr 08 2021
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Catalyst SD-WAN Manager | >=20.4, <20.4.1 | |
Cisco SD-WAN vManage | <19.2.4 | |
Cisco SD-WAN vManage | >=19.3, <20.3.3 | |
CVE-2021-1137 refers to multiple vulnerabilities in Cisco SD-WAN vManage Software that could allow an unauthenticated remote attacker to execute arbitrary code or allow an authenticated local attacker to gain escalated privileges on an affected system.
CVE-2021-1137 has a severity rating of 7.8 (High).
Cisco Catalyst SD-WAN Manager versions from 20.4 up to but not including 20.4.1, Cisco SD-WAN vManage versions earlier than 19.2.4, and Cisco SD-WAN vManage versions from 19.3 up to but not including 20.3.3 are affected by CVE-2021-1137.
An unauthenticated remote attacker can exploit CVE-2021-1137 to execute arbitrary code, while an authenticated local attacker can gain escalated privileges on the affected system.
To fix CVE-2021-1137, it is recommended to apply the necessary security patches provided by Cisco. Refer to the Cisco Security Advisory for detailed information and guidance.