Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1528

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.

Published

2021-06-04T17:15:09.020

Last Modified

2024-11-21T05:44:33.277

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-250
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco catalyst_sd-wan_manager < 20.4.2 Yes
Application cisco catalyst_sd-wan_manager < 20.5.1 Yes
Application cisco sd-wan_vbond_orchestrator < 20.4.2 Yes
Application cisco sd-wan_vbond_orchestrator < 20.5.1 Yes
Application cisco vsmart_controller < 20.4.2 Yes
Application cisco vsmart_controller < 20.5.1 Yes
Operating System cisco vedge_100_firmware < 20.4.2 Yes
Operating System cisco vedge_100_firmware < 20.5.1 Yes
Hardware cisco vedge_100 - No
Operating System cisco vedge_1000_firmware < 20.4.2 Yes
Operating System cisco vedge_1000_firmware < 20.5.1 Yes
Hardware cisco vedge_1000 - No
Operating System cisco vedge_100b_firmware < 20.4.2 Yes
Operating System cisco vedge_100b_firmware < 20.5.1 Yes
Hardware cisco vedge_100b - No
Operating System cisco vedge_100m_firmware < 20.4.2 Yes
Operating System cisco vedge_100m_firmware < 20.5.1 Yes
Hardware cisco vedge_100m - No
Operating System cisco vedge_100wm_firmware < 20.4.2 Yes
Operating System cisco vedge_100wm_firmware < 20.5.1 Yes
Hardware cisco vedge_100wm - No
Operating System cisco vedge_2000_firmware < 20.4.2 Yes
Operating System cisco vedge_2000_firmware < 20.5.1 Yes
Hardware cisco vedge_2000 - No
Operating System cisco vedge_5000_firmware < 20.4.2 Yes
Operating System cisco vedge_5000_firmware < 20.5.1 Yes
Hardware cisco vedge_5000 - No
Operating System cisco vedge_100b_firmware < 20.4.2 Yes
Operating System cisco vedge_100b_firmware < 20.5.1 Yes
Hardware cisco vedge_100b - No
Operating System cisco vedge_cloud_firmware < 20.4.2 Yes
Operating System cisco vedge_cloud_firmware < 20.5.1 Yes
Hardware cisco vedge_cloud - No
References