CVE-2021-1461

CVSS V2 None CVSS V3 None

Description

A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability.

Overview

CVE ID
CVE-2021-1461

Assigner
cisco

Vulnerability Status
PUBLISHED

Published Version
2024-11-18T15:33:06.681Z

Last Modified Date
2024-11-18T15:53:00.942Z

Weakness Enumerations

CWE	URL
CWE-347	http://cwe.mitre.org/data/definitions/347.html

References

Reference URL	Reference Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-sigverbypass-gPYXd6Mk
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-1461
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1461

History

Created	Old Value	New Value	Data Type	Notes
2024-11-19 12:10:59				Added to TrackCVE