Vulnerability Description
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Sd-Wan Firmware | 18.2.0 |
| Cisco | Sd-Wan Vsmart Controller Firmware | All versions |
| Cisco | Vedge 100 Router | - |
| Cisco | Vedge 1000 Router | - |
| Cisco | Vedge 100B Router | - |
| Cisco | Vedge 100M Router | - |
| Cisco | Vedge 100Wm Router | - |
| Cisco | Vedge 2000 Router | - |
| Cisco | Vedge 5000 Router | - |
| Cisco | Vedge Cloud Router | - |
| Cisco | Catalyst Sd-Wan Manager | - |
| Cisco | Sd-Wan Vbond Orchestrator | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
FAQ
What is CVE-2021-1298?
CVE-2021-1298 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain ...
How severe is CVE-2021-1298?
CVE-2021-1298 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-1298?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sd-Wan Firmware, Cisco Sd-Wan Vsmart Controller Firmware, Cisco Vedge 100 Router, Cisco Vedge 1000 Router, Cisco Vedge 100B Router.