Lucene search

CiscoCVELIST:CVE-2021-1262

HistoryJan 20, 2021 - 7:57 p.m.

CVE-2021-1262 Cisco SD-WAN Command Injection Vulnerabilities

2021-01-2019:57:36

CWE-20

cisco

www.cve.org

cisco

sd-wan

command injection

vulnerabilities

authenticated attacker

root privileges

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

CNA Affected

[
  {
    "product": "Cisco SD-WAN Solution",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-1262