ID

VAR-202104-0878


CVE

CVE-2021-1480


TITLE

Cisco SD-WAN vManage Software Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-458

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco® SD-WAN vManage is software from Cisco that provides software-defined network functions. The software is a form of network virtualization

Trust: 1.08

sources: NVD: CVE-2021-1480 // VULHUB: VHN-374534 // VULMON: CVE-2021-1480

AFFECTED PRODUCTS

vendor: cisco // model: catalyst sd-wan manager // scope: lt // version: 20.4.1

Trust: 1.0

vendor: cisco // model: catalyst sd-wan manager // scope: gte // version: 20.4

Trust: 1.0

vendor: cisco // model: sd-wan vmanage // scope: lt // version: 20.3.3

Trust: 1.0

vendor: cisco // model: sd-wan vmanage // scope: gte // version: 19.3

Trust: 1.0

vendor: cisco // model: sd-wan vmanage // scope: lt // version: 19.2.4

Trust: 1.0

sources: NVD: CVE-2021-1480

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1480
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1480
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-458
value: HIGH

Trust: 0.6

VULHUB: VHN-374534
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1480
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1480
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374534
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1480
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-374534 // VULMON: CVE-2021-1480 // CNNVD: CNNVD-202104-458 // NVD: CVE-2021-1480 // NVD: CVE-2021-1480

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-119

Trust: 1.0

sources: VULHUB: VHN-374534 // NVD: CVE-2021-1480

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-458

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202104-458

PATCH

title: Cisco SD-WAN vManage Software Buffer error vulnerability fix // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147038

Trust: 0.6

title: Cisco: Cisco SD-WAN vManage Software Vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmanage-YuTVWqy

Trust: 0.1

title: Exploit for CVE-2021-1480 (SD-WAN) // url: https://github.com/xmco/sdwan-cve-2021-1480

Trust: 0.1

title: PoC in GitHub // url: https://github.com/manas3c/CVE-POC

Trust: 0.1

sources: VULMON: CVE-2021-1480 // CNNVD: CNNVD-202104-458

EXTERNAL IDS

db: NVD // id: CVE-2021-1480

Trust: 1.8

db: CNNVD // id: CNNVD-202104-458

Trust: 0.7

db: AUSCERT // id: ESB-2021.1163

Trust: 0.6

db: VULHUB // id: VHN-374534

Trust: 0.1

db: VULMON // id: CVE-2021-1480

Trust: 0.1

sources: VULHUB: VHN-374534 // VULMON: CVE-2021-1480 // CNNVD: CNNVD-202104-458 // NVD: CVE-2021-1480

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-yutvwqy

Trust: 1.9

url:https://www.auscert.org.au/bulletins/esb-2021.1163

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1480

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/xmco/sdwan-cve-2021-1480

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374534 // VULMON: CVE-2021-1480 // CNNVD: CNNVD-202104-458 // NVD: CVE-2021-1480

SOURCES

db: VULHUB // id: VHN-374534
db: VULMON // id: CVE-2021-1480
db: CNNVD // id: CNNVD-202104-458
db: NVD // id: CVE-2021-1480

LAST UPDATE DATE

2024-08-14T15:17:17.286000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-374534 // date: 2022-08-05T00:00:00
db: VULMON // id: CVE-2021-1480 // date: 2023-11-07T00:00:00
db: CNNVD // id: CNNVD-202104-458 // date: 2022-08-08T00:00:00
db: NVD // id: CVE-2021-1480 // date: 2023-11-07T03:28:24.607

SOURCES RELEASE DATE

db: VULHUB // id: VHN-374534 // date: 2021-04-08T00:00:00
db: VULMON // id: CVE-2021-1480 // date: 2021-04-08T00:00:00
db: CNNVD // id: CNNVD-202104-458 // date: 2021-04-07T00:00:00
db: NVD // id: CVE-2021-1480 // date: 2021-04-08T04:15:14.123