ID
VAR-202101-0783
CVE
CVE-2021-1225
TITLE
Cisco SD-WAN vManage In software SQL Injection vulnerability
Trust: 0.8
DESCRIPTION
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. Cisco SD-WAN vManage The software SQL An injection vulnerability exists.Information may be obtained and information may be tampered with. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | cisco | model: | sd-wan vmanage | scope: | lt | version: | 19.2.3 | Trust: 1.0 |
| vendor: | シスコシステムズ | model: | cisco sd-wan vmanage | scope: | eq | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.1 |
| problemtype: | SQL injection (CWE-89) [ Other ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
SQL injection
Trust: 0.6
PATCH
| title: | cisco-sa-vman-sqlinjm-xV8dsjq5 | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-sqlinjm-xV8dsjq5 | Trust: 0.8 |
| title: | Cisco SD-WAN vManage Software SQL Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139780 | Trust: 0.6 |
| title: | Cisco: Cisco SD-WAN vManage SQL Injection Vulnerabilities | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vman-sqlinjm-xV8dsjq5 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-1225 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2021-002623 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2021.0244 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202101-1516 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-374279 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2021-1225 | Trust: 0.1 |
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vman-sqlinjm-xv8dsjq5 | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-1225 | Trust: 1.4 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.0244/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/89.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-374279 |
| db: | VULMON | id: | CVE-2021-1225 |
| db: | JVNDB | id: | JVNDB-2021-002623 |
| db: | CNNVD | id: | CNNVD-202101-1516 |
| db: | NVD | id: | CVE-2021-1225 |
LAST UPDATE DATE
2024-08-14T13:54:17.788000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-374279 | date: | 2021-01-27T00:00:00 |
| db: | VULMON | id: | CVE-2021-1225 | date: | 2021-01-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-002623 | date: | 2021-09-27T09:06:00 |
| db: | CNNVD | id: | CNNVD-202101-1516 | date: | 2021-02-01T00:00:00 |
| db: | NVD | id: | CVE-2021-1225 | date: | 2021-01-27T21:09:03.127 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-374279 | date: | 2021-01-20T00:00:00 |
| db: | VULMON | id: | CVE-2021-1225 | date: | 2021-01-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-002623 | date: | 2021-09-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202101-1516 | date: | 2021-01-20T00:00:00 |
| db: | NVD | id: | CVE-2021-1225 | date: | 2021-01-20T21:15:11.867 |