VDB

CVE-2021-1464

CVE-2021-1464 PUBLISHED CVSS 5 MEDIUM

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input validation for certain commands. An attacker could exploit this vulnerability by sending crafted requests to the affected commands of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain restricted access to the configuration data of the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

EPSS 0.26% · 49.1th percentile

Risk Scores

CVSS 3.1
5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/RL:X/RC:X/E:X
EPSS Score
0.26%
49.1th percentile

Affected Products

VendorProductVersions
ciscocatalyst_sd-wan_manager19.1.0, 17.2.4, 17.2.5
CiscoCisco Catalyst SD-WAN Manager19.2.1, 20.1.1.1, 20.1.1

Exploit Intelligence

Timeline

  • Nov 15, 2024 CVE Published
  • Nov 15, 2024 PoC Published
  • Nov 15, 2024 CVE Updated
  • Nov 16, 2024 EPSS Score
  • Dec 5, 2024 EPSS Score
  • Dec 22, 2024 EPSS Score
  • Jan 9, 2025 EPSS Score
  • Jan 26, 2025 EPSS Score
  • Feb 13, 2025 EPSS Score
  • Mar 3, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Apr 7, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›