VDB

CISCO-SA-CATALYST-TLS-PQND5KEJ

CISCO-SA-CATALYST-TLS-PQND5KEJ PUBLISHED CVSS 5.900000095367432 MEDIUM

A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smart Licensing feature. An attacker with a privileged network position could exploit this vulnerability by intercepting traffic that is sent over the Internet. A successful exploit could allow the attacker to gain access to sensitive information, including credentials used by the device to connect to Cisco cloud services. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Risk Scores

CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Cisco Catalyst SD-WAN Manager

Timeline

  • May 7, 2025 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›