First published: Thu May 06 2021
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Catalyst SD-WAN Manager | >=20.4, <20.4.1 | |
Cisco Catalyst SD-WAN Manager | >=20.5, <20.5.1 | |
Cisco SD-WAN vManage | <20.3.3 | |
CVE-2021-1275 is a vulnerability in Cisco SD-WAN vManage Software that could allow an unauthenticated remote attacker to execute arbitrary code or gain access to sensitive information.
CVE-2021-1275 has a severity rating of 7.5 out of 10, which is considered critical.
An attacker can exploit CVE-2021-1275 by sending specially crafted requests to the vulnerable software, allowing them to execute arbitrary code or gain unauthorized access to sensitive information.
Yes, Cisco has released software updates to address the vulnerabilities. It is recommended to upgrade to a fixed software release to mitigate the risk.
You can find more information about CVE-2021-1275 on the Cisco Security Advisory page at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ.