CVE-2021-34712 — Vulnetix

CVE-2021-34712 PUBLISHED CVSS 5.400000095367432 MEDIUM

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.

EPSS 0.07% · 22.3th percentile

Risk Scores

CVSS 3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Score

0.07%

22.3th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco SD-WAN vManage	n/a
cisco	catalyst_sd-wan_manager	20.4, 20.5, 20.6
cisco	sd-wan_vmanage	20.3

Exploit Intelligence

20210922 Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability (circl)

Timeline

Sep 23, 2021 EPSS Score
Sep 23, 2021 CVE Published
Nov 19, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 15, 2022 EPSS Score
Mar 14, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 10, 2022 EPSS Score
Jul 6, 2022 EPSS Score
Sep 2, 2022 EPSS Score
Oct 29, 2022 EPSS Score
Dec 26, 2022 EPSS Score

References

20210922 Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-34712 advisory

Open in Interactive Console →