First published: Wed Jan 20 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE SD-WAN | ||
Cisco Sd-wan Firmware | <20.3.2 | |
Cisco Sd-wan Firmware | =20.4.0 | |
Cisco Sd-wan Vsmart Controller Firmware | ||
Cisco Vedge 100 Router | ||
Cisco Vedge 1000 Router | ||
Cisco Vedge 100b Router | ||
Cisco Vedge 100m Router | ||
Cisco Vedge 100wm Router | ||
Cisco Vedge 2000 Router | ||
Cisco Vedge 5000 Router | ||
Cisco Vedge Cloud Router | ||
Cisco Sd-wan Vbond Orchestrator |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-1305 is a vulnerability in the web-based management interface of Cisco SD-WAN vManage Software.
CVE-2021-1305 has a severity rating of 4.3 (high).
CVE-2021-1305 affects Cisco IOS XE SD-WAN, Cisco SD-WAN Firmware (versions up to 20.3.2 and exactly 20.4.0), and Cisco SD-WAN vSmart Controller Firmware.
An authenticated, remote attacker can bypass authorization, modify the configuration of an affected system, gain access to sensitive information, and view unauthorized information.
Apply the necessary patches and updates provided by Cisco to address the vulnerabilities in the affected software.