CVE-2021-1484
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/11/2024
Last modified:
04/08/2025
Description
A vulnerability in the web UI of Cisco&nbsp;SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition.<br />
This vulnerability is due to improper input validation of user-supplied input to the device template configuration. An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to cause a DoS condition on the affected system.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page