ID

VAR-202101-1039


CVE

CVE-2021-1298


TITLE

plural  Cisco SD-WAN  Command injection vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-002615

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco SD-WAN The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2021-1298 // JVNDB: JVNDB-2021-002615 // VULHUB: VHN-374352 // VULMON: CVE-2021-1298

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:eqversion:20.1.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.4.6

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.99

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.3.0

Trust: 1.0

vendor:ciscomodel:sd-wan vsmart controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.3.8

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.3

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.2.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vbond orchestratorscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vsmart controllerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002615 // NVD: CVE-2021-1298

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1298
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1298
value: HIGH

Trust: 1.0

NVD: CVE-2021-1298
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-1624
value: HIGH

Trust: 0.6

VULHUB: VHN-374352
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1298
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1298
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374352
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1298
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1298
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: CVE-2021-1298
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374352 // VULMON: CVE-2021-1298 // JVNDB: JVNDB-2021-002615 // CNNVD: CNNVD-202101-1624 // NVD: CVE-2021-1298 // NVD: CVE-2021-1298

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype:Command injection (CWE-77) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374352 // JVNDB: JVNDB-2021-002615 // NVD: CVE-2021-1298

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1624

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1624

PATCH

title:cisco-sa-sdwan-cmdinjm-9QMSmgcnurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn

Trust: 0.8

title:Cisco SD-WAN Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139966

Trust: 0.6

title:Cisco: Cisco SD-WAN Command Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-cmdinjm-9QMSmgcn

Trust: 0.1

title: - url:https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/

Trust: 0.1

sources: VULMON: CVE-2021-1298 // JVNDB: JVNDB-2021-002615 // CNNVD: CNNVD-202101-1624

EXTERNAL IDS

db:NVDid:CVE-2021-1298

Trust: 2.6

db:JVNDBid:JVNDB-2021-002615

Trust: 0.8

db:CNNVDid:CNNVD-202101-1624

Trust: 0.7

db:AUSCERTid:ESB-2021.0241

Trust: 0.6

db:VULHUBid:VHN-374352

Trust: 0.1

db:VULMONid:CVE-2021-1298

Trust: 0.1

sources: VULHUB: VHN-374352 // VULMON: CVE-2021-1298 // JVNDB: JVNDB-2021-002615 // CNNVD: CNNVD-202101-1624 // NVD: CVE-2021-1298

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-cmdinjm-9qmsmgcn

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1298

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-command-injection-34395

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0241/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374352 // VULMON: CVE-2021-1298 // JVNDB: JVNDB-2021-002615 // CNNVD: CNNVD-202101-1624 // NVD: CVE-2021-1298

SOURCES

db:VULHUBid:VHN-374352
db:VULMONid:CVE-2021-1298
db:JVNDBid:JVNDB-2021-002615
db:CNNVDid:CNNVD-202101-1624
db:NVDid:CVE-2021-1298

LAST UPDATE DATE

2024-08-14T13:23:53.594000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374352date:2021-01-27T00:00:00
db:VULMONid:CVE-2021-1298date:2021-01-27T00:00:00
db:JVNDBid:JVNDB-2021-002615date:2021-09-27T09:06:00
db:CNNVDid:CNNVD-202101-1624date:2021-02-03T00:00:00
db:NVDid:CVE-2021-1298date:2023-10-06T16:24:48.993

SOURCES RELEASE DATE

db:VULHUBid:VHN-374352date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1298date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002615date:2021-09-27T00:00:00
db:CNNVDid:CNNVD-202101-1624date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1298date:2021-01-20T20:15:16.643