Details of VAR-202101-1040

ID

VAR-202101-1040

CVE

CVE-2021-1299

TITLE

plural Cisco SD-WAN Command injection vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-002616

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco SD-WAN The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2021-1299 // JVNDB: JVNDB-2021-002616 // VULHUB: VHN-374353 // VULMON: CVE-2021-1299

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	eq	version:	20.1.0	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.6	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.99	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.3	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.2.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002616 // NVD: CVE-2021-1299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1299
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1299
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1299
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202101-1622
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374353
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1299
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1299
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374353
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1299
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1299
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.0
Trust: 1.0
NVD:	CVE-2021-1299
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374353 // VULMON: CVE-2021-1299 // JVNDB: JVNDB-2021-002616 // CNNVD: CNNVD-202101-1622 // NVD: CVE-2021-1299 // NVD: CVE-2021-1299

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374353 // JVNDB: JVNDB-2021-002616 // NVD: CVE-2021-1299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1622

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1622

PATCH

title:	cisco-sa-sdwan-cmdinjm-9QMSmgcn	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn	Trust: 0.8
title:	Cisco SD-WAN products Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139964	Trust: 0.6
title:	Cisco: Cisco SD-WAN Command Injection Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-cmdinjm-9QMSmgcn	Trust: 0.1
title:	-	url:	https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/	Trust: 0.1
title:	-	url:	https://threatpost.com/critical-cisco-sd-wan-bugs-rce-attacks/163204/	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2021-1299 // JVNDB: JVNDB-2021-002616 // CNNVD: CNNVD-202101-1622

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1299	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-002616	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-1622	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0241	Trust: 0.6
db:	VULHUB	id:	VHN-374353	Trust: 0.1
db:	VULMON	id:	CVE-2021-1299	Trust: 0.1

sources: VULHUB: VHN-374353 // VULMON: CVE-2021-1299 // JVNDB: JVNDB-2021-002616 // CNNVD: CNNVD-202101-1622 // NVD: CVE-2021-1299

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-cmdinjm-9qmsmgcn	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1299	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-command-injection-34395	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0241/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195306	Trust: 0.1
url:	https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/	Trust: 0.1

sources: VULHUB: VHN-374353 // VULMON: CVE-2021-1299 // JVNDB: JVNDB-2021-002616 // CNNVD: CNNVD-202101-1622 // NVD: CVE-2021-1299

SOURCES

db:	VULHUB	id:	VHN-374353
db:	VULMON	id:	CVE-2021-1299
db:	JVNDB	id:	JVNDB-2021-002616
db:	CNNVD	id:	CNNVD-202101-1622
db:	NVD	id:	CVE-2021-1299

LAST UPDATE DATE

2024-08-14T13:23:53.805000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374353	date:	2021-01-27T00:00:00
db:	VULMON	id:	CVE-2021-1299	date:	2021-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-002616	date:	2021-09-27T09:06:00
db:	CNNVD	id:	CNNVD-202101-1622	date:	2021-02-03T00:00:00
db:	NVD	id:	CVE-2021-1299	date:	2023-10-06T16:24:48.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374353	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1299	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002616	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1622	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1299	date:	2021-01-20T20:15:16.720