Lucene search

CiscoCISCO-SA-SDWAN-ABYP-TNGFHRS

HistoryJan 20, 2021 - 4:00 p.m.

Cisco SD-WAN vManage Authorization Bypass Vulnerabilities

2021-01-2016:00:00

tools.cisco.com

cisco

sd-wan

vmanage

authorization bypass

remote attacker

configuration modification

sensitive information

software updates

security advisory

EPSS

0.002

Percentile

54.5%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS”]

Affected configurations

Vulners

Node

ciscocatalyst_sd-wan_managerMatchany

VendorProductVersionCPE
ciscocatalyst_sd-wan_manageranycpe:2.3:a:cisco:catalyst_sd-wan_manager:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	catalyst_sd-wan_manager	any	cpe:2.3:a:cisco:catalyst_sd-wan_manager:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS

EPSS

0.002

Percentile

54.5%

JSON

Related for CISCO-SA-SDWAN-ABYP-TNGFHRS