First published: Thu May 06 2021
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco SD-WAN vManage | <20.5.1 | |
CVE-2021-1535 is a vulnerability in the cluster management interface of Cisco SD-WAN vManage Software that could allow an unauthenticated, remote attacker to view sensitive information on an affected system.
CVE-2021-1535 affects Cisco SD-WAN vManage Software that is in cluster mode and allows an unauthenticated, remote attacker to view sensitive information.
The severity of CVE-2021-1535 is medium with a CVSS score of 5.3.
To fix CVE-2021-1535 in Cisco SD-WAN vManage Software, it is recommended to update to version 20.5.1 or later.
More information about CVE-2021-1535 can be found in the Cisco Security Advisory: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanageinfdis-LKrFpbv](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanageinfdis-LKrFpbv)