Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
20 Sep 2022, 17:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 |
CWE-863 |
28 Jan 2021, 17:06
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:sd-wan_firmware:20.4.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_100m_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_100b_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_2000_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_100_router:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios_xe_sd-wan:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_100wm_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_cloud_router:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:sd-wan_vsmart_controller_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_5000_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:vedge_1000_router:-:*:*:*:*:*:*:* |
|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.3 |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
Summary | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. |
20 Jan 2021, 20:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-20 20:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-1305
Mitre link : CVE-2021-1305
CVE.ORG link : CVE-2021-1305
JSON object : View
Products Affected
cisco
- vedge_100wm_router
- vedge_100_router
- vedge_1000_router
- sd-wan_vsmart_controller_firmware
- vedge_100b_router
- vedge_100m_router
- vedge_5000_router
- vedge_cloud_router
- vedge_2000_router
- sd-wan_vbond_orchestrator
- ios_xe_sd-wan
- sd-wan_firmware