CVE-2021-1480

HIGH

Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 19.2.4 - Unauthenticated Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-1480. PoCs published by xmco.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-1480, a privilege escalation vulnerability in Cisco SD-WAN. The exploit uses a TCP proxy to intercept and modify traffic between the confd_cli and the legitimate confd endpoint, replacing the user ID (0x3EA) with root (0x00) to execute commands as root.

Description

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (1)

nomisec WORKING POC 4 stars

by xmco · poc

https://github.com/xmco/sdwan-cve-2021-1480

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-1480, a privilege escalation vulnerability in Cisco SD-WAN. The exploit uses a TCP proxy to intercept and modify traffic between the confd_cli and the legitimate confd endpoint, replacing the user ID (0x3EA) with root (0x00) to execute commands as root.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Cisco SD-WAN (specific version not specified)

Auth required

Prerequisites: Access to the confd_cli · Ability to intercept/modify traffic between confd_cli and confd endpoint

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy

Scores

CVSS v3 7.8

EPSS 0.0528

EPSS Percentile 90.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-119 CWE-20

Status published

Products (2)

cisco/catalyst_sd-wan_manager 20.4 - 20.4.1

cisco/sd-wan_vmanage < 19.2.4

Published Apr 08, 2021

Tracked Since Feb 18, 2026