Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
06 Oct 2023, 16:24
Type | Values Removed | Values Added |
---|---|---|
First Time |
Cisco catalyst Sd-wan Manager
|
|
CPE | cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:* |
29 Sep 2023, 15:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:* | |
First Time |
Cisco sd-wan Manager
|
29 Jan 2021, 14:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:cisco:sd-wan_firmware:19.2.99:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:sd-wan_firmware:18.4.6:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_2000_router:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:sd-wan_firmware:19.2.3:*:*:*:*:*:*:* cpe:2.3:o:cisco:sd-wan_vsmart_controller_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_100wm_router:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:sd-wan_firmware:18.2.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_5000_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_1000_router:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:sd-wan_firmware:18.3.8:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_100m_router:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:sd-wan_firmware:18.3.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:sd-wan_firmware:20.1.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_100b_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_100_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_cloud_router:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:* |
|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn - Vendor Advisory | |
CWE | CWE-77 | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
Summary | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. |
20 Jan 2021, 20:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-20 20:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-1261
Mitre link : CVE-2021-1261
CVE.ORG link : CVE-2021-1261
JSON object : View
Products Affected
cisco
- sd-wan_firmware
- vedge_100m_router
- vedge_100b_router
- vedge_cloud_router
- vedge_100wm_router
- vedge_100_router
- sd-wan_vsmart_controller_firmware
- vedge_5000_router
- catalyst_sd-wan_manager
- vedge_1000_router
- sd-wan_vbond_orchestrator
- vedge_2000_router