First published: Thu Sep 23 2021
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Catalyst SD-WAN Manager | >=20.4 <=20.4.2 | |
Cisco Catalyst SD-WAN Manager | =20.5 | |
Cisco Catalyst SD-WAN Manager | =20.6 | |
Cisco SD-WAN vManage | >=20.3 <20.3.4 | |
The vulnerability ID is CVE-2021-34712.
The severity of CVE-2021-34712 is medium with a CVSS score of 6.5.
Cisco Catalyst SD-WAN Manager versions 20.4 and 20.5, as well as Cisco SD-WAN vManage versions 20.3 and 20.4, are affected by CVE-2021-34712.
An authenticated, remote attacker can exploit CVE-2021-34712 by conducting Cypher query language injection attacks on the affected system.
Yes, Cisco has released a security advisory with information on how to mitigate the vulnerability. Please refer to the reference link for more details.