Sign-up

ID

VAR-202101-1028


CVE

CVE-2021-1260


TITLE

Multiple Cisco Product Command Injection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1558

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory

Trust: 1.08

sources: NVD: CVE-2021-1260 // VULHUB: VHN-374314 // VULMON: CVE-2021-1260

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:eqversion:20.1.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.4.6

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.99

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.3.0

Trust: 1.0

vendor:ciscomodel:sd-wan vsmart controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.3.8

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.3

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.2.0

Trust: 1.0

sources: NVD: CVE-2021-1260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1260
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1260
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202101-1558
value: HIGH

Trust: 0.6

VULHUB: VHN-374314
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1260
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1260
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374314
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1260
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1260
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-374314 // VULMON: CVE-2021-1260 // CNNVD: CNNVD-202101-1558 // NVD: CVE-2021-1260 // NVD: CVE-2021-1260

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-374314 // NVD: CVE-2021-1260

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1558

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1558

PATCH

title:Multiple Cisco SD-WAN Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139816

Trust: 0.6

title:Cisco: Cisco SD-WAN Command Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-cmdinjm-9QMSmgcn

Trust: 0.1

title: - url:https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/

Trust: 0.1

sources: VULMON: CVE-2021-1260 // CNNVD: CNNVD-202101-1558

EXTERNAL IDS

db:NVDid:CVE-2021-1260

Trust: 1.8

db:AUSCERTid:ESB-2021.0241

Trust: 0.6

db:CNNVDid:CNNVD-202101-1558

Trust: 0.6

db:VULHUBid:VHN-374314

Trust: 0.1

db:VULMONid:CVE-2021-1260

Trust: 0.1

sources: VULHUB: VHN-374314 // VULMON: CVE-2021-1260 // CNNVD: CNNVD-202101-1558 // NVD: CVE-2021-1260

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-cmdinjm-9qmsmgcn

Trust: 2.5

url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-command-injection-34395

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0241/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1260

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374314 // VULMON: CVE-2021-1260 // CNNVD: CNNVD-202101-1558 // NVD: CVE-2021-1260

SOURCES

db:VULHUBid:VHN-374314
db:VULMONid:CVE-2021-1260
db:CNNVDid:CNNVD-202101-1558
db:NVDid:CVE-2021-1260

LAST UPDATE DATE

2024-08-14T13:23:53.924000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374314date:2021-01-29T00:00:00
db:VULMONid:CVE-2021-1260date:2021-01-29T00:00:00
db:CNNVDid:CNNVD-202101-1558date:2021-02-03T00:00:00
db:NVDid:CVE-2021-1260date:2023-10-06T16:24:48.993

SOURCES RELEASE DATE

db:VULHUBid:VHN-374314date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1260date:2021-01-20T00:00:00
db:CNNVDid:CNNVD-202101-1558date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1260date:2021-01-20T20:15:14.643