Lucene search

CiscoCVE-2021-1514

HistoryMay 06, 2021 - 1:15 p.m.

CVE-2021-1514

2021-05-0613:15:10

CWE-78

CWE-20

cisco

web.nvd.nist.gov

cisco

sd-wan

software

vulnerability

cli

authenticated

injection

arbitrary commands

nvd

cve-2021-1514

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.

Affected configurations

Nvd

Node

ciscocatalyst_sd-wan_managerRange20.1–20.1.1

ciscocatalyst_sd-wan_managerRange20.3–20.3.1

ciscocatalyst_sd-wan_managerRange20.4–20.4.1

ciscocatalyst_sd-wan_managerRange20.5–20.5.1

ciscosd-wan_vbond_orchestratorRange<18.3

ciscosd-wan_vbond_orchestratorRange20.1–20.1.1

ciscosd-wan_vbond_orchestratorRange20.3–20.3.1

ciscosd-wan_vbond_orchestratorRange20.4–20.4.1

ciscosd-wan_vbond_orchestratorRange20.5–20.5.1

ciscosd-wan_vmanageRange<18.3

Node

ciscovsmart_controller_firmwareRange<18.3

ciscovsmart_controller_firmwareRange20.1–20.1.1

ciscovsmart_controller_firmwareRange20.3–20.3.1

ciscovsmart_controller_firmwareRange20.4–20.4.1

ciscovsmart_controller_firmwareRange20.5–20.5.1

AND

ciscovsmart_controllerMatch-

Node

ciscovedge_100_firmwareRange<18.3

ciscovedge_100_firmwareRange20.1–20.1.1

ciscovedge_100_firmwareRange20.3–20.3.1

ciscovedge_100_firmwareRange20.4–20.4.1

ciscovedge_100_firmwareRange20.5–20.5.1

AND

ciscovedge_100Match-

Node

ciscovedge_1000_firmwareRange<18.3

ciscovedge_1000_firmwareRange20.1–20.1.1

ciscovedge_1000_firmwareRange20.3–20.3.1

ciscovedge_1000_firmwareRange20.4–20.4.1

ciscovedge_1000_firmwareRange20.5–20.5.1

AND

ciscovedge_1000Match-

Node

ciscovedge_100b_firmwareRange<18.3

ciscovedge_100b_firmwareRange20.1–20.1.1

ciscovedge_100b_firmwareRange20.3–20.3.1

ciscovedge_100b_firmwareRange20.4–20.4.1

ciscovedge_100b_firmwareRange20.5–20.5.1

AND

ciscovedge_100bMatch-

Node

ciscovedge_100m_firmwareRange<18.3

ciscovedge_100m_firmwareRange20.1–20.1.1

ciscovedge_100m_firmwareRange20.3–20.3.1

ciscovedge_100m_firmwareRange20.4–20.4.1

ciscovedge_100m_firmwareRange20.5–20.5.1

AND

ciscovedge_100mMatch-

Node

ciscovedge_100wm_firmwareRange<18.3

ciscovedge_100wm_firmwareRange20.1–20.1.1

ciscovedge_100wm_firmwareRange20.3–20.3.1

ciscovedge_100wm_firmwareRange20.4–20.4.1

ciscovedge_100wm_firmwareRange20.5–20.5.1

AND

ciscovedge_100wmMatch-

Node

ciscovedge_2000_firmwareRange<18.3

ciscovedge_2000_firmwareRange20.1–20.1.1

ciscovedge_2000_firmwareRange20.3–20.3.1

ciscovedge_2000_firmwareRange20.4–20.4.1

ciscovedge_2000_firmwareRange20.5–20.5.1

AND

ciscovedge_2000Match-

Node

ciscovedge_5000_firmwareRange<18.3

ciscovedge_5000_firmwareRange20.1–20.1.1

ciscovedge_5000_firmwareRange20.3–20.3.1

ciscovedge_5000_firmwareRange20.4–20.4.1

ciscovedge_5000_firmwareRange20.5–20.5.1

AND

ciscovedge_5000Match-

Node

ciscovedge-100b_firmwareRange<18.3

ciscovedge-100b_firmwareRange20.1–20.1.1

ciscovedge-100b_firmwareRange20.3–20.3.1

ciscovedge-100b_firmwareRange20.4–20.4.1

ciscovedge-100b_firmwareRange20.5–20.5.1

AND

ciscovedge-100bMatch-

Node

ciscovedge_cloud_firmwareRange<18.3

ciscovedge_cloud_firmwareRange20.1–20.1.1

ciscovedge_cloud_firmwareRange20.3–20.3.1

ciscovedge_cloud_firmwareRange20.4–20.4.1

ciscovedge_cloud_firmwareRange20.5–20.5.1

AND

ciscovedge_cloudMatch-

VendorProductVersionCPE
ciscocatalyst_sd-wan_manager*cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
ciscosd-wan_vbond_orchestrator*cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*
ciscosd-wan_vmanage*cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
ciscovsmart_controller_firmware*cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*
ciscovsmart_controller-cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*
ciscovedge_100_firmware*cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*
ciscovedge_100-cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*
ciscovedge_1000_firmware*cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*
ciscovedge_1000-cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*
ciscovedge_100b_firmware*cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	catalyst_sd-wan_manager	*	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
cisco	sd-wan_vbond_orchestrator	*	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator::::::::
cisco	sd-wan_vmanage	*	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
cisco	vsmart_controller_firmware	*	cpe:2.3:o:cisco:vsmart_controller_firmware::::::::
cisco	vsmart_controller	-	cpe:2.3:h:cisco:vsmart_controller:-:::::::*
cisco	vedge_100_firmware	*	cpe:2.3:o:cisco:vedge_100_firmware::::::::
cisco	vedge_100	-	cpe:2.3:h:cisco:vedge_100:-:::::::*
cisco	vedge_1000_firmware	*	cpe:2.3:o:cisco:vedge_1000_firmware::::::::
cisco	vedge_1000	-	cpe:2.3:h:cisco:vedge_1000:-:::::::*
cisco	vedge_100b_firmware	*	cpe:2.3:o:cisco:vedge_100b_firmware::::::::

Rows per page:

1-10 of 231

CNA Affected

[
  {
    "product": "Cisco SD-WAN Solution",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy

Social References

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.2%

JSON

Related for CVE-2021-1514