ID

VAR-202101-1043


CVE

CVE-2021-1302


TITLE

Cisco SD-WAN vManage Software Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1534

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 1.08

sources: NVD: CVE-2021-1302 // VULHUB: VHN-374356 // VULMON: CVE-2021-1302

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2021-1302

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1302
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1302
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202101-1534
value: HIGH

Trust: 0.6

VULHUB: VHN-374356
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1302
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1302
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374356
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1302
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-374356 // VULMON: CVE-2021-1302 // CNNVD: CNNVD-202101-1534 // NVD: CVE-2021-1302 // NVD: CVE-2021-1302

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2021-1302

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1534

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1534

PATCH

title:Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139797

Trust: 0.6

title:Cisco: Cisco SD-WAN vManage Authorization Bypass Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-abyp-TnGFHrS

Trust: 0.1

title: - url:https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/

Trust: 0.1

sources: VULMON: CVE-2021-1302 // CNNVD: CNNVD-202101-1534

EXTERNAL IDS

db:NVDid:CVE-2021-1302

Trust: 1.8

db:AUSCERTid:ESB-2021.0244

Trust: 0.6

db:CNNVDid:CNNVD-202101-1534

Trust: 0.6

db:VULHUBid:VHN-374356

Trust: 0.1

db:VULMONid:CVE-2021-1302

Trust: 0.1

sources: VULHUB: VHN-374356 // VULMON: CVE-2021-1302 // CNNVD: CNNVD-202101-1534 // NVD: CVE-2021-1302

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-abyp-tngfhrs

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1302

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0244/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195325

Trust: 0.1

sources: VULHUB: VHN-374356 // VULMON: CVE-2021-1302 // CNNVD: CNNVD-202101-1534 // NVD: CVE-2021-1302

SOURCES

db:VULHUBid:VHN-374356
db:VULMONid:CVE-2021-1302
db:CNNVDid:CNNVD-202101-1534
db:NVDid:CVE-2021-1302

LAST UPDATE DATE

2024-08-14T13:54:17.713000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374356date:2021-01-29T00:00:00
db:VULMONid:CVE-2021-1302date:2021-01-29T00:00:00
db:CNNVDid:CNNVD-202101-1534date:2021-02-01T00:00:00
db:NVDid:CVE-2021-1302date:2023-11-07T03:27:54.840

SOURCES RELEASE DATE

db:VULHUBid:VHN-374356date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1302date:2021-01-20T00:00:00
db:CNNVDid:CNNVD-202101-1534date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1302date:2021-01-20T20:15:16.970