ID

VAR-202101-1044


CVE

CVE-2021-1261


TITLE

Multiple Cisco SD-WAN Product injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1555

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory

Trust: 1.08

sources: NVD: CVE-2021-1261 // VULHUB: VHN-374315 // VULMON: CVE-2021-1261

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:eqversion:20.1.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.4.6

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.99

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.3.0

Trust: 1.0

vendor:ciscomodel:sd-wan vsmart controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.3.8

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.3

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.2.0

Trust: 1.0

sources: NVD: CVE-2021-1261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1261
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1261
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202101-1555
value: HIGH

Trust: 0.6

VULHUB: VHN-374315
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1261
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1261
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374315
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1261
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1261
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-374315 // VULMON: CVE-2021-1261 // CNNVD: CNNVD-202101-1555 // NVD: CVE-2021-1261 // NVD: CVE-2021-1261

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-374315 // NVD: CVE-2021-1261

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1555

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1555

PATCH

title:Multiple Cisco SD-WAN Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139813

Trust: 0.6

title:Cisco: Cisco SD-WAN Command Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-cmdinjm-9QMSmgcn

Trust: 0.1

title: - url:https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/

Trust: 0.1

sources: VULMON: CVE-2021-1261 // CNNVD: CNNVD-202101-1555

EXTERNAL IDS

db:NVDid:CVE-2021-1261

Trust: 1.8

db:AUSCERTid:ESB-2021.0241

Trust: 0.6

db:CNNVDid:CNNVD-202101-1555

Trust: 0.6

db:VULHUBid:VHN-374315

Trust: 0.1

db:VULMONid:CVE-2021-1261

Trust: 0.1

sources: VULHUB: VHN-374315 // VULMON: CVE-2021-1261 // CNNVD: CNNVD-202101-1555 // NVD: CVE-2021-1261

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-cmdinjm-9qmsmgcn

Trust: 2.5

url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-command-injection-34395

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0241/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1261

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374315 // VULMON: CVE-2021-1261 // CNNVD: CNNVD-202101-1555 // NVD: CVE-2021-1261

SOURCES

db:VULHUBid:VHN-374315
db:VULMONid:CVE-2021-1261
db:CNNVDid:CNNVD-202101-1555
db:NVDid:CVE-2021-1261

LAST UPDATE DATE

2024-08-14T13:23:53.901000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374315date:2021-01-29T00:00:00
db:VULMONid:CVE-2021-1261date:2021-01-29T00:00:00
db:CNNVDid:CNNVD-202101-1555date:2021-02-02T00:00:00
db:NVDid:CVE-2021-1261date:2023-10-06T16:24:48.993

SOURCES RELEASE DATE

db:VULHUBid:VHN-374315date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1261date:2021-01-20T00:00:00
db:CNNVDid:CNNVD-202101-1555date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1261date:2021-01-20T20:15:14.800