Details of VAR-202101-1043

ID

VAR-202101-1043

CVE

CVE-2021-1302

TITLE

Cisco SD-WAN vManage Software Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1534

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 1.08

sources: NVD: CVE-2021-1302 // VULHUB: VHN-374356 // VULMON: CVE-2021-1302

AFFECTED PRODUCTS

vendor:

cisco

model:

catalyst sd-wan manager

scope:

version:

Trust: 1.0

sources: NVD: CVE-2021-1302

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1302
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1302
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202101-1534
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374356
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1302
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1302
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374356
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1302
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-374356 // VULMON: CVE-2021-1302 // CNNVD: CNNVD-202101-1534 // NVD: CVE-2021-1302 // NVD: CVE-2021-1302

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2021-1302

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1534

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1534

PATCH

title:	Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139797	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Authorization Bypass Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-abyp-TnGFHrS	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2021-1302 // CNNVD: CNNVD-202101-1534

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1302	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.0244	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1534	Trust: 0.6
db:	VULHUB	id:	VHN-374356	Trust: 0.1
db:	VULMON	id:	CVE-2021-1302	Trust: 0.1

sources: VULHUB: VHN-374356 // VULMON: CVE-2021-1302 // CNNVD: CNNVD-202101-1534 // NVD: CVE-2021-1302

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-abyp-tngfhrs	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1302	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0244/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195325	Trust: 0.1

sources: VULHUB: VHN-374356 // VULMON: CVE-2021-1302 // CNNVD: CNNVD-202101-1534 // NVD: CVE-2021-1302

SOURCES

db:	VULHUB	id:	VHN-374356
db:	VULMON	id:	CVE-2021-1302
db:	CNNVD	id:	CNNVD-202101-1534
db:	NVD	id:	CVE-2021-1302

LAST UPDATE DATE

2024-08-14T13:54:17.713000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374356	date:	2021-01-29T00:00:00
db:	VULMON	id:	CVE-2021-1302	date:	2021-01-29T00:00:00
db:	CNNVD	id:	CNNVD-202101-1534	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-1302	date:	2023-11-07T03:27:54.840

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374356	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1302	date:	2021-01-20T00:00:00
db:	CNNVD	id:	CNNVD-202101-1534	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1302	date:	2021-01-20T20:15:16.970