Details of VAR-202101-1046

ID

VAR-202101-1046

CVE

CVE-2021-1263

TITLE

Multiple Cisco Product Command Injection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1556

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory

Trust: 1.08

sources: NVD: CVE-2021-1263 // VULHUB: VHN-374317 // VULMON: CVE-2021-1263

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	eq	version:	20.1.0	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.6	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.99	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.3	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.2.0	Trust: 1.0

sources: NVD: CVE-2021-1263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1263
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1263
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202101-1556
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374317
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1263
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1263
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374317
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1263
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1263
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-374317 // VULMON: CVE-2021-1263 // CNNVD: CNNVD-202101-1556 // NVD: CVE-2021-1263 // NVD: CVE-2021-1263

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.1
problemtype:	CWE-20	Trust: 1.0

sources: VULHUB: VHN-374317 // NVD: CVE-2021-1263

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1556

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1556

PATCH

title:	Multiple Cisco SD-WAN Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139814	Trust: 0.6
title:	Cisco: Cisco SD-WAN Command Injection Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-cmdinjm-9QMSmgcn	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2021-1263 // CNNVD: CNNVD-202101-1556

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1263	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.0241	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1556	Trust: 0.6
db:	VULHUB	id:	VHN-374317	Trust: 0.1
db:	VULMON	id:	CVE-2021-1263	Trust: 0.1

sources: VULHUB: VHN-374317 // VULMON: CVE-2021-1263 // CNNVD: CNNVD-202101-1556 // NVD: CVE-2021-1263

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-cmdinjm-9qmsmgcn	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1263	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-command-injection-34395	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0241/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195304	Trust: 0.1

sources: VULHUB: VHN-374317 // VULMON: CVE-2021-1263 // CNNVD: CNNVD-202101-1556 // NVD: CVE-2021-1263

SOURCES

db:	VULHUB	id:	VHN-374317
db:	VULMON	id:	CVE-2021-1263
db:	CNNVD	id:	CNNVD-202101-1556
db:	NVD	id:	CVE-2021-1263

LAST UPDATE DATE

2024-08-14T13:23:53.655000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374317	date:	2021-01-29T00:00:00
db:	VULMON	id:	CVE-2021-1263	date:	2021-01-29T00:00:00
db:	CNNVD	id:	CNNVD-202101-1556	date:	2021-02-04T00:00:00
db:	NVD	id:	CVE-2021-1263	date:	2023-10-06T16:24:48.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374317	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1263	date:	2021-01-20T00:00:00
db:	CNNVD	id:	CNNVD-202101-1556	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1263	date:	2021-01-20T20:15:15.127