CVE-2021-1506

CVE Database · CVE-2021-1506

CVE-2021-1506

· CRITICALModified

CVSS v3.1

9.8

EPSS

1.76%

Published

May 6, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20CWE-862

Affected Products (3)

cisco · catalyst_sd-wan_manager (up to 20.4.1)vulnerable

cisco · catalyst_sd-wan_manager (up to 20.5.1)vulnerable

cisco · sd-wan_vmanage (up to 20.3.3)vulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs