ID

VAR-202101-1045


CVE

CVE-2021-1262


TITLE

Multiple Cisco Product Command Injection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1557

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory

Trust: 1.08

sources: NVD: CVE-2021-1262 // VULHUB: VHN-374316 // VULMON: CVE-2021-1262

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wan vsmart controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.1.2

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.3.2

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.3

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:20.4

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:19.3.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:19.2.4

Trust: 1.0

sources: NVD: CVE-2021-1262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1262
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1262
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202101-1557
value: HIGH

Trust: 0.6

VULHUB: VHN-374316
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1262
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1262
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374316
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1262
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1262
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-374316 // VULMON: CVE-2021-1262 // CNNVD: CNNVD-202101-1557 // NVD: CVE-2021-1262 // NVD: CVE-2021-1262

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

sources: VULHUB: VHN-374316 // NVD: CVE-2021-1262

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1557

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1557

PATCH

title:Multiple Cisco SD-WAN Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139815

Trust: 0.6

title:Cisco: Cisco SD-WAN Command Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-cmdinjm-9QMSmgcn

Trust: 0.1

title: - url:https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/

Trust: 0.1

sources: VULMON: CVE-2021-1262 // CNNVD: CNNVD-202101-1557

EXTERNAL IDS

db:NVDid:CVE-2021-1262

Trust: 1.8

db:AUSCERTid:ESB-2021.0241

Trust: 0.6

db:CNNVDid:CNNVD-202101-1557

Trust: 0.6

db:VULHUBid:VHN-374316

Trust: 0.1

db:VULMONid:CVE-2021-1262

Trust: 0.1

sources: VULHUB: VHN-374316 // VULMON: CVE-2021-1262 // CNNVD: CNNVD-202101-1557 // NVD: CVE-2021-1262

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-cmdinjm-9qmsmgcn

Trust: 2.4

url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-command-injection-34395

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0241/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1262

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195303

Trust: 0.1

sources: VULHUB: VHN-374316 // VULMON: CVE-2021-1262 // CNNVD: CNNVD-202101-1557 // NVD: CVE-2021-1262

SOURCES

db:VULHUBid:VHN-374316
db:VULMONid:CVE-2021-1262
db:CNNVDid:CNNVD-202101-1557
db:NVDid:CVE-2021-1262

LAST UPDATE DATE

2024-08-14T13:23:53.679000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374316date:2021-01-29T00:00:00
db:VULMONid:CVE-2021-1262date:2021-01-29T00:00:00
db:CNNVDid:CNNVD-202101-1557date:2021-02-03T00:00:00
db:NVDid:CVE-2021-1262date:2024-06-10T19:14:52.003

SOURCES RELEASE DATE

db:VULHUBid:VHN-374316date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1262date:2021-01-20T00:00:00
db:CNNVDid:CNNVD-202101-1557date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1262date:2021-01-20T20:15:14.970