VDB

CVE-2021-1528

CVE-2021-1528 PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.

EPSS 0.06% · 18.1th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.06%
18.1th percentile

Affected Products

VendorProductVersions
ciscocatalyst_sd-wan_manager20.5, 20.4
ciscovedge_100b_firmware20.4, 20.5, 20.4
ciscovedge_100wm_firmware20.4, 20.5
ciscovedge_100m_firmware20.5, 20.4
CiscoCisco SD-WAN Solutionn/a
ciscovedge_5000_firmware20.5, 20.4
ciscosd-wan_vbond_orchestrator20.5, 20.4
ciscovedge_100_firmware20.4, 20.5
ciscovedge_cloud_firmware20.5, 20.4
ciscovsmart_controller20.4, 20.5
ciscovedge_1000_firmware20.4, 20.5
ciscovedge_2000_firmware20.5, 20.4

Exploit Intelligence

Timeline

  • Apr 13, 2021 CVE Published
  • Jun 5, 2021 EPSS Score
  • Aug 7, 2021 EPSS Score
  • Oct 7, 2021 EPSS Score
  • Dec 7, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 8, 2022 EPSS Score
  • Jun 8, 2022 EPSS Score
  • Aug 9, 2022 EPSS Score
  • Oct 8, 2022 EPSS Score
  • Dec 8, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›