CVE-2021-1528

Published: Jun 4, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.

Affected (22)

Products: Cisco: Catalyst Sd Wan Manager, Sd Wan Vbond Orchestrator, Vsmart Controller, Vedge 100 Firmware, Vedge 1000 Firmware, Vedge 100m Firmware, Vedge 100wm Firmware, Vedge 2000 Firmware, Vedge 5000 Firmware, Vedge 100b Firmware, Vedge Cloud Firmware

Cisco

11 products

Catalyst Sd Wan Manager

Sd Wan Vbond Orchestrator

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Catalyst Sd Wan Manager	From 20.4 to 20.4.2
Cisco Catalyst Sd Wan Manager	From 20.5 to 20.5.1
Cisco Sd Wan Vbond Orchestrator	From 20.4 to 20.4.2
Cisco Sd Wan Vbond Orchestrator	From 20.5 to 20.5.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Vsmart Controller	From 20.4 to 20.4.2
Cisco Vsmart Controller	From 20.5 to 20.5.1

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 100 Firmware	From 20.4 to 20.4.2
Cisco Vedge 100 Firmware	From 20.5 to 20.5.1

Running on/with	Platform Versions
Cisco Vedge 100	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 1000 Firmware	From 20.4 to 20.4.2
Cisco Vedge 1000 Firmware	From 20.5 to 20.5.1

Running on/with	Platform Versions
Cisco Vedge 1000	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 100m Firmware	From 20.4 to 20.4.2
Cisco Vedge 100m Firmware	From 20.5 to 20.5.1

Running on/with	Platform Versions
Cisco Vedge 100m	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 100wm Firmware	From 20.4 to 20.4.2
Cisco Vedge 100wm Firmware	From 20.5 to 20.5.1

Running on/with	Platform Versions
Cisco Vedge 100wm	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 2000 Firmware	From 20.4 to 20.4.2
Cisco Vedge 2000 Firmware	From 20.5 to 20.5.1

Running on/with	Platform Versions
Cisco Vedge 2000	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 5000 Firmware	From 20.4 to 20.4.2
Cisco Vedge 5000 Firmware	From 20.5 to 20.5.1

Running on/with	Platform Versions
Cisco Vedge 5000	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge 100b Firmware	From 20.4 to 20.4.2
Cisco Vedge 100b Firmware	From 20.5 to 20.5.1

Running on/with	Platform Versions
Cisco Vedge 100b	All versions

Configuration K

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Vedge Cloud Firmware	From 20.4 to 20.4.2
Cisco Vedge Cloud Firmware	From 20.5 to 20.5.1

Running on/with	Platform Versions
Cisco Vedge Cloud	All versions

Related CWEs

CWE-250

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-fuErCWwF

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-fuErCWwF

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.