Details of VAR-202105-0629

ID

VAR-202105-0629

CVE

CVE-2021-1514

TITLE

Cisco SD-WAN Command injection vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-006841

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges. Cisco SD-WAN The software contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage is a software from Cisco that provides software-defined network functions. The software is a form of network virtualization

Trust: 2.34

sources: NVD: CVE-2021-1514 // JVNDB: JVNDB-2021-006841 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374568 // VULMON: CVE-2021-1514

AFFECTED PRODUCTS

vendor:	cisco	model:	vedge 100b	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100b	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vedge 1000	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vedge 100m	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge 100wm	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	vedge 2000	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	vedge 5000	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	vedge-100b	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	18.3	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	gte	version:	20.1	Trust: 1.0
vendor:	cisco	model:	vedge 100	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	vsmart controller	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	vedge cloud	scope:	gte	version:	20.5	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 1000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100m	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 5000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100b	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 2000	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	vedge 100wm	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006841 // NVD: CVE-2021-1514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1514
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1514
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1514
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-144
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374568
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1514
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1514
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374568
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1514
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1514
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	2.5
version:	3.0
Trust: 1.0
NVD:	CVE-2021-1514
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374568 // VULMON: CVE-2021-1514 // JVNDB: JVNDB-2021-006841 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-144 // NVD: CVE-2021-1514 // NVD: CVE-2021-1514

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	CWE-20	Trust: 1.0
problemtype:	Command injection (CWE-77) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374568 // JVNDB: JVNDB-2021-006841 // NVD: CVE-2021-1514

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-144

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-sdwan-privesc-QVszVUPy	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy	Trust: 0.8
title:	Cisco SD-WAN vManage Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151198	Trust: 0.6
title:	Cisco: Cisco SD-WAN Software Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-privesc-QVszVUPy	Trust: 0.1

sources: VULMON: CVE-2021-1514 // JVNDB: JVNDB-2021-006841 // CNNVD: CNNVD-202105-144

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1514	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-006841	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021050623	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1535	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-144	Trust: 0.6
db:	VULHUB	id:	VHN-374568	Trust: 0.1
db:	VULMON	id:	CVE-2021-1514	Trust: 0.1

sources: VULHUB: VHN-374568 // VULMON: CVE-2021-1514 // JVNDB: JVNDB-2021-006841 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-144 // NVD: CVE-2021-1514

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-privesc-qvszvupy	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1514	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050623	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1535	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-cli-35265	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374568 // VULMON: CVE-2021-1514 // JVNDB: JVNDB-2021-006841 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-144 // NVD: CVE-2021-1514

SOURCES

db:	VULHUB	id:	VHN-374568
db:	VULMON	id:	CVE-2021-1514
db:	JVNDB	id:	JVNDB-2021-006841
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-144
db:	NVD	id:	CVE-2021-1514

LAST UPDATE DATE

2024-08-14T13:06:42.042000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374568	date:	2022-08-05T00:00:00
db:	VULMON	id:	CVE-2021-1514	date:	2021-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-006841	date:	2022-01-21T08:20:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-144	date:	2022-08-08T00:00:00
db:	NVD	id:	CVE-2021-1514	date:	2023-10-16T16:35:25.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374568	date:	2021-05-06T00:00:00
db:	VULMON	id:	CVE-2021-1514	date:	2021-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-006841	date:	2022-01-21T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-144	date:	2021-05-05T00:00:00
db:	NVD	id:	CVE-2021-1514	date:	2021-05-06T13:15:10.887