Vulnerability Description
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe Sd-Wan | - |
| Cisco | Sd-Wan Firmware | < 20.3.2 |
| Cisco | Sd-Wan Vsmart Controller Firmware | All versions |
| Cisco | Vedge 100 Router | - |
| Cisco | Vedge 1000 Router | - |
| Cisco | Vedge 100B Router | - |
| Cisco | Vedge 100M Router | - |
| Cisco | Vedge 100Wm Router | - |
| Cisco | Vedge 2000 Router | - |
| Cisco | Vedge 5000 Router | - |
| Cisco | Vedge Cloud Router | - |
| Cisco | Sd-Wan Vbond Orchestrator | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
FAQ
What is CVE-2021-1305?
CVE-2021-1305 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an...
How severe is CVE-2021-1305?
CVE-2021-1305 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-1305?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe Sd-Wan, Cisco Sd-Wan Firmware, Cisco Sd-Wan Vsmart Controller Firmware, Cisco Vedge 100 Router, Cisco Vedge 1000 Router.