Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-1486

Опубликовано: 06 мая 2021
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
Версия от 20.4 (включая) до 20.4.1 (исключая)
cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
Версия до 20.3.3 (исключая)

EPSS

Процентиль: 58%
0.00365
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

github логотип

GHSA-q9x7-rrj5-j549

CVSS3: 5.3
github
больше 3 лет назад

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts.

fstec логотип

BDU:2021-02557

CVSS3: 5.3
fstec
почти 5 лет назад

Уязвимость веб-интерфейса vManage программно-определяемой сети Cisco SD-WAN, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 58%
0.00365
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203