CVE-2021-1614
MEDIUM
Cisco SD-WAN 18.4.0-18.4.5 - Unauthenticated Information Disclosure via MPLS Packet Handling
Title source: llm
Description
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq
Scores
CVSS v3: 5.3
EPSS: 0.0054
EPSS Percentile: 67.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-126
Status: published
Products (1)
cisco/sd-wan 18.4.0 - 18.4.6
Published: Jul 22, 2021
Tracked Since: Feb 18, 2026