ID

VAR-202105-0618


CVE

CVE-2021-1505


TITLE

Cisco SD-WAN vManage  Software permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-006600

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage The software contains a vulnerability in privilege management.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 2.34

sources: NVD: CVE-2021-1505 // JVNDB: JVNDB-2021-006600 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374559 // VULMON: CVE-2021-1505

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.4.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:ltversion:20.3.3

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.5

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006600 // NVD: CVE-2021-1505

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1505
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1505
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-1505
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-222
value: HIGH

Trust: 0.6

VULHUB: VHN-374559
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1505
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1505
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374559
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1505
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1505
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-1505
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374559 // VULMON: CVE-2021-1505 // JVNDB: JVNDB-2021-006600 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-222 // NVD: CVE-2021-1505 // NVD: CVE-2021-1505

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374559 // JVNDB: JVNDB-2021-006600 // NVD: CVE-2021-1505

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-222

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:cisco-sa-sd-wan-vmanage-4TbynnhZurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ

Trust: 0.8

title:Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150797

Trust: 0.6

title:Cisco: Cisco SD-WAN vManage Software Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-vmanage-4TbynnhZ

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/cisco-bugs-allow-creating-admin-accounts-executing-commands-as-root/

Trust: 0.1

sources: VULMON: CVE-2021-1505 // JVNDB: JVNDB-2021-006600 // CNNVD: CNNVD-202105-222

EXTERNAL IDS

db:NVDid:CVE-2021-1505

Trust: 3.4

db:JVNDBid:JVNDB-2021-006600

Trust: 0.8

db:CNNVDid:CNNVD-202105-222

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.1529

Trust: 0.6

db:CS-HELPid:SB2021050616

Trust: 0.6

db:VULHUBid:VHN-374559

Trust: 0.1

db:VULMONid:CVE-2021-1505

Trust: 0.1

sources: VULHUB: VHN-374559 // VULMON: CVE-2021-1505 // JVNDB: JVNDB-2021-006600 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-222 // NVD: CVE-2021-1505

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-vmanage-4tbynnhz

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1505

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050616

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1529

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.bleepingcomputer.com/news/security/cisco-bugs-allow-creating-admin-accounts-executing-commands-as-root/

Trust: 0.1

sources: VULHUB: VHN-374559 // VULMON: CVE-2021-1505 // JVNDB: JVNDB-2021-006600 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-222 // NVD: CVE-2021-1505

SOURCES

db:VULHUBid:VHN-374559
db:VULMONid:CVE-2021-1505
db:JVNDBid:JVNDB-2021-006600
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202105-222
db:NVDid:CVE-2021-1505

LAST UPDATE DATE

2024-08-14T12:56:31.211000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374559date:2022-08-05T00:00:00
db:VULMONid:CVE-2021-1505date:2021-05-14T00:00:00
db:JVNDBid:JVNDB-2021-006600date:2022-01-14T03:03:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202105-222date:2022-08-10T00:00:00
db:NVDid:CVE-2021-1505date:2023-11-07T03:28:27.990

SOURCES RELEASE DATE

db:VULHUBid:VHN-374559date:2021-05-06T00:00:00
db:VULMONid:CVE-2021-1505date:2021-05-06T00:00:00
db:JVNDBid:JVNDB-2021-006600date:2022-01-14T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202105-222date:2021-05-06T00:00:00
db:NVDid:CVE-2021-1505date:2021-05-06T13:15:10.603