Details of VAR-202104-0878

ID

VAR-202104-0878

CVE

CVE-2021-1480

TITLE

Cisco SD-WAN vManage Software Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-458

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco® SD-WAN vManage is a software from Cisco that provides software-defined network functions. The software is a form of network virtualization

Trust: 1.08

sources: NVD: CVE-2021-1480 // VULHUB: VHN-374534 // VULMON: CVE-2021-1480

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.3.3	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	19.3	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	19.2.4	Trust: 1.0

sources: NVD: CVE-2021-1480

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1480
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1480
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-458
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374534
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1480
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1480
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374534
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1480
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-374534 // VULMON: CVE-2021-1480 // CNNVD: CNNVD-202104-458 // NVD: CVE-2021-1480 // NVD: CVE-2021-1480

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-119	Trust: 1.0

sources: VULHUB: VHN-374534 // NVD: CVE-2021-1480

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-458

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202104-458

PATCH

title:	Cisco SD-WAN vManage Software Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147038	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Software Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmanage-YuTVWqy	Trust: 0.1
title:	Exploit for CVE-2021-1480 (SD-WAN)	url:	https://github.com/xmco/sdwan-cve-2021-1480	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/manas3c/CVE-POC	Trust: 0.1

sources: VULMON: CVE-2021-1480 // CNNVD: CNNVD-202104-458

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1480	Trust: 1.8
db:	CNNVD	id:	CNNVD-202104-458	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.1163	Trust: 0.6
db:	VULHUB	id:	VHN-374534	Trust: 0.1
db:	VULMON	id:	CVE-2021-1480	Trust: 0.1

sources: VULHUB: VHN-374534 // VULMON: CVE-2021-1480 // CNNVD: CNNVD-202104-458 // NVD: CVE-2021-1480

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-yutvwqy	Trust: 1.9
url:	https://www.auscert.org.au/bulletins/esb-2021.1163	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1480	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://github.com/xmco/sdwan-cve-2021-1480	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374534 // VULMON: CVE-2021-1480 // CNNVD: CNNVD-202104-458 // NVD: CVE-2021-1480

SOURCES

db:	VULHUB	id:	VHN-374534
db:	VULMON	id:	CVE-2021-1480
db:	CNNVD	id:	CNNVD-202104-458
db:	NVD	id:	CVE-2021-1480

LAST UPDATE DATE

2024-08-14T15:17:17.286000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374534	date:	2022-08-05T00:00:00
db:	VULMON	id:	CVE-2021-1480	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202104-458	date:	2022-08-08T00:00:00
db:	NVD	id:	CVE-2021-1480	date:	2023-11-07T03:28:24.607

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374534	date:	2021-04-08T00:00:00
db:	VULMON	id:	CVE-2021-1480	date:	2021-04-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-458	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-1480	date:	2021-04-08T04:15:14.123