CVE-2021-1481

CVSS V2 None CVSS V3 None

Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Overview

CVE ID
CVE-2021-1481

Assigner
cisco

Vulnerability Status
PUBLISHED

Published Version
2024-11-15T16:37:23.188Z

Last Modified Date
2024-11-15T17:49:36.250Z

Weakness Enumerations

CWE	URL
CWE-943	http://cwe.mitre.org/data/definitions/943.html

References

Reference URL	Reference Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-1481
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1481

History

Created	Old Value	New Value	Data Type	Notes
2024-11-16 12:09:30				Added to TrackCVE