#VU52919 Improper Authentication in Cisco SD-WAN vManage - CVE-2021-1284
Published: May 6, 2021
Vulnerability identifier: #VU52919
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-1284
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco SD-WAN vManage
Cisco SD-WAN vManage
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker on the local network can bypass authentication process and modify the configuration of an affected system.
Successful exploitation of the vulnerability may result in full system compromise.
Remediation
Install updates from vendor's website.
External links
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28360
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28390
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28402
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28454
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv67264