CVE-2021-1305
Published Jan 20, 2021
Last updated a year ago
Overview
- Description
- Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe_sd-wan:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16266B9E-E613-45FA-A02B-51EED8BEFCC9"
},
{
"criteria": "cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADFA9DB8-3168-467D-8EE7-2368C072142E",
"versionEndExcluding": "20.3.2"
},
{
"criteria": "cpe:2.3:o:cisco:sd-wan_firmware:20.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12CB625A-C638-414A-95F9-9E147C897C60"
},
{
"criteria": "cpe:2.3:o:cisco:sd-wan_vsmart_controller_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFBC49D2-5618-416A-AE3C-6421B8B09C80"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:vedge_100_router:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "66AEE108-5CF9-4F19-9A52-40850F850E91"
},
{
"criteria": "cpe:2.3:h:cisco:vedge_1000_router:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C7AF418B-E5C4-4FEA-A9B9-9D29002702CE"
},
{
"criteria": "cpe:2.3:h:cisco:vedge_100b_router:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E8282DC4-099F-4379-8B2A-7B876AE29779"
},
{
"criteria": "cpe:2.3:h:cisco:vedge_100m_router:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E9952ECE-2659-4CAC-B29C-6439391FADDB"
},
{
"criteria": "cpe:2.3:h:cisco:vedge_100wm_router:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BBAF9E5F-C858-44C8-9F81-0916324CF513"
},
{
"criteria": "cpe:2.3:h:cisco:vedge_2000_router:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1FA0F3A1-3442-4491-95D6-F5B17A09DB73"
},
{
"criteria": "cpe:2.3:h:cisco:vedge_5000_router:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E7E1CFE1-8CF7-48BE-833F-03F72B3BAFAB"
},
{
"criteria": "cpe:2.3:h:cisco:vedge_cloud_router:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E3773F59-DF2E-4387-8E27-C08FE1E6549D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05AFD69C-BB2C-43E0-89CF-FDA00B8F4CB5"
}
],
"operator": "OR"
}
]
}
]