CVE-2021-1464: Cisco SD-WAN vManage Authorization Bypass Vulnerability
First published: Fri Nov 15 2024(Updated: )
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input validation for certain commands. An attacker could exploit this vulnerability by sending crafted requests to the affected commands of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain restricted access to the configuration data of the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SD-WAN vManage |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-authorization-b-GUEpSLK
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vdaemon-bo-RuzzEA2
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-dir-trav-Bpwc5gtm
Frequently Asked Questions
What is the severity of CVE-2021-1464?
CVE-2021-1464 has a medium severity rating that indicates potential risk to affected systems.
How do I fix CVE-2021-1464?
To remediate CVE-2021-1464, users should upgrade to the latest version of Cisco SD-WAN vManage Software.
What type of attack does CVE-2021-1464 enable?
CVE-2021-1464 allows an authenticated, remote attacker to bypass authorization checks to access restricted configuration information.
Who is affected by CVE-2021-1464?
CVE-2021-1464 affects instances of Cisco SD-WAN vManage Software that are not patched against this vulnerability.
What are the consequences of CVE-2021-1464?
If exploited, CVE-2021-1464 can lead to unauthorized access to sensitive configuration data, potentially compromising system integrity.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco sd-wan vmanage