CVE-2021-1137

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/14/2021 03:57:00 PM UTC

CVE-2021-1137 - advisory for cisco-sa-vmanage-YuTVWqy

Source: Mitre
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Sd-wan Vmanage from Cisco contain the following vulnerability:

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1137 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
  • Affected Vendor/Software: Cisco - Cisco SD-WAN Solution version n/a

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 7.2 - HIGH

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
Cisco SD-WAN vManage Software Vulnerabilities tools.cisco.com
text/html
URL Logo CISCO 20210407 Cisco SD-WAN vManage Software Vulnerabilities

Related QID Numbers

  • 316921 Cisco SD-WAN vManage Software Vulnerabilities (cisco-sa-vmanage-YuTVWqy)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationCiscoSd-wan VmanageAllAllAllAll
  • cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-1137 : Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote at… twitter.com/i/web/status/1… 2021-04-08 04:12:05