CVE-2021-1486

MEDIUM

Cisco SD-WAN vManage <20.3.3 & Catalyst SD-WAN Manager 20.4-20.4.1 - Unauthenticated User Enumeration


Description

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts.

Scores

CVSS v3: 5.3
EPSS: 0.0037
EPSS Percentile: 58.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-203
Status: published
Products (2):
cisco/catalyst_sd-wan_manager 20.4 - 20.4.1
cisco/sd-wan_vmanage < 20.3.3
Published: May 06, 2021
Tracked Since: Feb 18, 2026