CVE-2021-1484
MEDIUMCisco Catalyst SD-WAN Manager - Authenticated Command Injection via Device Template Configuration
Title source: llmDescription
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper input validation of user-supplied input to the device template configuration. An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to cause a DoS condition on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References (2)
Core 2
Scores
CVSS v3
6.5
EPSS
0.0119
EPSS Percentile
63.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-88
Status
published
Products (50)
cisco/catalyst_sd-wan_manager
17.2.4
cisco/catalyst_sd-wan_manager
17.2.5
cisco/catalyst_sd-wan_manager
17.2.6
cisco/catalyst_sd-wan_manager
17.2.7
cisco/catalyst_sd-wan_manager
17.2.8
cisco/catalyst_sd-wan_manager
17.2.9
cisco/catalyst_sd-wan_manager
17.2.10
cisco/catalyst_sd-wan_manager
18.2.0
cisco/catalyst_sd-wan_manager
18.3.0
cisco/catalyst_sd-wan_manager
18.3.1
... and 40 more
Published
Nov 15, 2024
Tracked Since
Feb 18, 2026