CVE-2021-1482

Опубликовано: 15 нояб. 2024

Источник: nvd

CVSS3: 6.4

EPSS Низкий

Описание

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain access to sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Ссылки

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.302:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.303:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.501_es:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.31:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.32:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.097:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.098:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.099:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.929:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.2_937:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.12:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2.1_927:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2.1_930:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2_925:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2_928:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2_929:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2_937:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-922x-h9px-jp85

CVSS3: 6.4

github

около 1 года назад

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain access to sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

BDU:2021-02416

CVSS3: 6.4

fstec

почти 5 лет назад

Уязвимость веб-интерфейса vManage программно-определяемой сети Cisco SD-WAN, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 15%

0.00049

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-20