VDB
CVE-2021-1482
CVE-2021-1482
PUBLISHED
CVSS 6.400000095367432 MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain access to sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
EPSS 0.07% · 20.7th percentile
Risk Scores
CVSS 3.1
6.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/RL:X/RC:X/E:X
EPSS Score
0.07%
20.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager | 20.1.12, 19.2.1, 18.4.4 |
| cisco | catalyst_sd-wan_manager | 17.2.4, 17.2.5, 17.2.6 |
Exploit Intelligence
- CIRCL seen: CVE-2021-1482 (circl-sighting)
- cisco-sa-vman-auth-bypass-Z3Zze5XC (circl)
Timeline
- Nov 15, 2024 CVE Published
- Nov 15, 2024 PoC Published
- Nov 15, 2024 CVE Updated
- Nov 16, 2024 EPSS Score
- Dec 5, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
- Mar 3, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Apr 7, 2025 EPSS Score