Multiple vulnerabilities in Cisco SD-WAN vManage
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2021-1508 CVE-2021-1506 CVE-2021-1505 CVE-2021-1468 CVE-2021-1275 CVE-2021-1284 CVE-2021-1515 CVE-2021-1507 CVE-2021-1535 CVE-2021-1234 CVE-2021-1486 |
| CWE-ID | CWE-284 CWE-264 CWE-287 CWE-399 CWE-79 CWE-285 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco SD-WAN vManage Other software / Other software solutions |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU52926
Risk: Medium
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-1508
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the cluster mode management interface. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: before 20.4.1
CPE2.3 External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28360
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU52925
Risk: Low
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-1506
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the cluster mode management interface. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: before 20.4.1
CPE2.3 External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28402
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security restrictions bypass
EUVDB-ID: #VU52924
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-1505
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the web-based management interface of Cisco SD-WAN vManage Software. A remote user can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: before 20.4.1
CPE2.3 External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28390
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Authentication
EUVDB-ID: #VU52923
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-1468
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests in cluster mode management interface. A remote attacker can bypass authentication process and compromise the affected system.
Install updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: before 20.4.1
CPE2.3 External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU52922
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-1275
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when processing API requests. A remote attacker can send multiple API requests to the application and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: before 20.4.1
CPE2.3 External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv67264
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Authentication
EUVDB-ID: #VU52919
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-1284
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker on the local network can bypass authentication process and modify the configuration of an affected system.
Successful exploitation of the vulnerability may result in full system compromise.
Install updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: 19.1.0 - 20.5.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.2.0:*:*:*:*:*:*:*
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28360
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28390
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28402
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28454
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv67264
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper access control
EUVDB-ID: #VU52918
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-1515
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions to API endpoints. A remote non-authenticated attacker can bypass implemented security restrictions and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: 20.1 - 20.4.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:20.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:20.1.0.20.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:20.1.1:*:*:*:*:*:*:*
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-9VZO4gfU
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28372
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Stored cross-site scripting
EUVDB-ID: #VU52915
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-1507
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: 19.2.99 - 20.5.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.2.99:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:20.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:20.1.0.20.1.1:*:*:*:*:*:*:*
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-eN75jxtW
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28350
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24115
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper Authorization
EUVDB-ID: #VU52913
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-1535
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to absence of authentication for sensitive information in the cluster management interface. A remote non-authenticated attacker can send a specially crafted request to the cluster management interface and gain access to sensitive information.
To exploit the vulnerability the vManage Software must be in cluster mode.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: 19.2.3 - 20.5.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.2.31:*:*:*:*:*:*:*
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanageinfdis-LKrFpbv
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw11097
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Authorization
EUVDB-ID: #VU52912
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-1234
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to absence of authentication for sensitive information in the cluster management interface. A remote attacker can send a specially crafted request to the management interface and gain access to sensitive information.
Note, successful exploitation of the vulnerability requires that vManage software is in cluster mode.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: 19.1.0 - 20.5.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:19.2.0:*:*:*:*:*:*:*
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28438
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28450
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU52910
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-1486
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper handling of HTTP headers. A remote attacker can send specially crafted HTTP requests and enumerate user accounts based on responses sent by the application.
Install updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: 20.3.0 - 20.3.2
CPE2.3- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:20.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_sd-wan_vmanage:20.3.2:*:*:*:*:*:*:*
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx21265
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
