ID

VAR-202101-1030


CVE

CVE-2021-1304


TITLE

Cisco SD-WAN vManage Software Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1532

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage Software is management software for Cisco's SD-WAN (Software-Defined Wide Area Network) solutions.

Trust: 1.08

sources: NVD: CVE-2021-1304 // VULHUB: VHN-374358 // VULMON: CVE-2021-1304

AFFECTED PRODUCTS

vendor: cisco // model: catalyst sd-wan manager // scope: eq // version: -

Trust: 1.0

sources: NVD: CVE-2021-1304

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1304
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1304
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202101-1532
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374358
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1304
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1304
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374358
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-1304
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1304
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374358 // VULMON: CVE-2021-1304 // CNNVD: CNNVD-202101-1532 // NVD: CVE-2021-1304 // NVD: CVE-2021-1304

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2021-1304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1532

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1532

PATCH

title: Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139795

Trust: 0.6

title: Cisco: Cisco SD-WAN vManage Authorization Bypass Vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-abyp-TnGFHrS

Trust: 0.1

title: - // url: https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/

Trust: 0.1

sources: VULMON: CVE-2021-1304 // CNNVD: CNNVD-202101-1532

EXTERNAL IDS

db: NVD // id: CVE-2021-1304

Trust: 1.8

db: AUSCERT // id: ESB-2021.0244

Trust: 0.6

db: CNNVD // id: CNNVD-202101-1532

Trust: 0.6

db: VULHUB // id: VHN-374358

Trust: 0.1

db: VULMON // id: CVE-2021-1304

Trust: 0.1

sources: VULHUB: VHN-374358 // VULMON: CVE-2021-1304 // CNNVD: CNNVD-202101-1532 // NVD: CVE-2021-1304

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-abyp-tngfhrs

Trust: 2.4

url:https://www.auscert.org.au/bulletins/esb-2021.0244/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1304

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195327

Trust: 0.1

sources: VULHUB: VHN-374358 // VULMON: CVE-2021-1304 // CNNVD: CNNVD-202101-1532 // NVD: CVE-2021-1304

SOURCES

db: VULHUB // id: VHN-374358
db: VULMON // id: CVE-2021-1304
db: CNNVD // id: CNNVD-202101-1532
db: NVD // id: CVE-2021-1304

LAST UPDATE DATE

2024-08-14T13:54:17.735000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-374358 // date: 2021-01-29T00:00:00
db: VULMON // id: CVE-2021-1304 // date: 2021-01-29T00:00:00
db: CNNVD // id: CNNVD-202101-1532 // date: 2021-02-01T00:00:00
db: NVD // id: CVE-2021-1304 // date: 2023-11-07T03:27:55.023

SOURCES RELEASE DATE

db: VULHUB // id: VHN-374358 // date: 2021-01-20T00:00:00
db: VULMON // id: CVE-2021-1304 // date: 2021-01-20T00:00:00
db: CNNVD // id: CNNVD-202101-1532 // date: 2021-01-20T00:00:00
db: NVD // id: CVE-2021-1304 // date: 2021-01-20T20:15:17.127