CVE-2021-1470
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
EPSS 0.06% · 18.0th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager | 17.2.8, 20.1.12, 19.2.1 |
| cisco | catalyst_sd-wan_manager | 17.2.4, 17.2.5, 17.2.6 |
Exploit Intelligence
Timeline
- Nov 15, 2024 CVE Published
- Nov 15, 2024 CVE Updated
- Nov 16, 2024 EPSS Score
- Dec 5, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
- Mar 3, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 24, 2025 EPSS Score
References
- cisco-sa-sdw-sqlinj-HDJUeEAX url
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC url
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB url
- https://nvd.nist.gov/vuln/detail/CVE-2021-1470 advisory