Details of VAR-202101-1044

ID

VAR-202101-1044

CVE

CVE-2021-1261

TITLE

Multiple Cisco SD-WAN Product injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1555

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory

Trust: 1.08

sources: NVD: CVE-2021-1261 // VULHUB: VHN-374315 // VULMON: CVE-2021-1261

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	eq	version:	20.1.0	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.6	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.99	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.3	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.2.0	Trust: 1.0

sources: NVD: CVE-2021-1261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1261
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1261
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202101-1555
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374315
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1261
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1261
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374315
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1261
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1261
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-374315 // VULMON: CVE-2021-1261 // CNNVD: CNNVD-202101-1555 // NVD: CVE-2021-1261 // NVD: CVE-2021-1261

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.1
problemtype:	CWE-20	Trust: 1.0

sources: VULHUB: VHN-374315 // NVD: CVE-2021-1261

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1555

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1555

PATCH

title:	Multiple Cisco SD-WAN Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139813	Trust: 0.6
title:	Cisco: Cisco SD-WAN Command Injection Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-cmdinjm-9QMSmgcn	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2021-1261 // CNNVD: CNNVD-202101-1555

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1261	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.0241	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1555	Trust: 0.6
db:	VULHUB	id:	VHN-374315	Trust: 0.1
db:	VULMON	id:	CVE-2021-1261	Trust: 0.1

sources: VULHUB: VHN-374315 // VULMON: CVE-2021-1261 // CNNVD: CNNVD-202101-1555 // NVD: CVE-2021-1261

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-cmdinjm-9qmsmgcn	Trust: 2.5
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-command-injection-34395	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0241/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1261	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374315 // VULMON: CVE-2021-1261 // CNNVD: CNNVD-202101-1555 // NVD: CVE-2021-1261

SOURCES

db:	VULHUB	id:	VHN-374315
db:	VULMON	id:	CVE-2021-1261
db:	CNNVD	id:	CNNVD-202101-1555
db:	NVD	id:	CVE-2021-1261

LAST UPDATE DATE

2024-08-14T13:23:53.901000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374315	date:	2021-01-29T00:00:00
db:	VULMON	id:	CVE-2021-1261	date:	2021-01-29T00:00:00
db:	CNNVD	id:	CNNVD-202101-1555	date:	2021-02-02T00:00:00
db:	NVD	id:	CVE-2021-1261	date:	2023-10-06T16:24:48.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374315	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1261	date:	2021-01-20T00:00:00
db:	CNNVD	id:	CNNVD-202101-1555	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1261	date:	2021-01-20T20:15:14.800