VDB

CVE-2021-1470

CVE-2021-1470 PUBLISHED CVSS 4.900000095367432 MEDIUM

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

EPSS 0.06% · 18.0th percentile

Risk Scores

CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/RL:X/RC:X/E:X
EPSS Score
0.06%
18.0th percentile

Affected Products

VendorProductVersions
CiscoCisco Catalyst SD-WAN Manager17.2.8, 20.1.12, 19.2.1
ciscocatalyst_sd-wan_manager17.2.4, 17.2.5, 17.2.6

Timeline

  • Nov 15, 2024 CVE Published
  • Nov 15, 2024 CVE Updated
  • Nov 16, 2024 EPSS Score
  • Dec 5, 2024 EPSS Score
  • Dec 22, 2024 EPSS Score
  • Jan 9, 2025 EPSS Score
  • Jan 26, 2025 EPSS Score
  • Feb 13, 2025 EPSS Score
  • Mar 3, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Apr 7, 2025 EPSS Score
  • Apr 24, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›