First published: Thu May 06 2021
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Catalyst SD-WAN Manager | >=20.4, <20.4.1 | |
Cisco Catalyst SD-WAN Manager | >=20.5, <20.5.1 | |
Cisco SD-WAN vManage | <20.3.3 | |
CVE-2021-1468 is a vulnerability in Cisco SD-WAN vManage Software that could allow an unauthenticated remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated local attacker to gain escalated privileges or unauthorized access to the application.
The severity of CVE-2021-1468 is critical with a CVSS score of 9.8.
Cisco Catalyst SD-WAN Manager versions 20.4 (before 20.4.1) and 20.5 (before 20.5.1), as well as Cisco SD-WAN vManage versions before 20.3.3, are affected by CVE-2021-1468.
An unauthenticated remote attacker can exploit CVE-2021-1468 to execute arbitrary code or gain access to sensitive information, while an authenticated local attacker can gain escalated privileges or unauthorized access to the application.
Cisco has released security updates to address the vulnerabilities in Cisco SD-WAN vManage Software. It is recommended to apply the necessary patches as soon as possible.