Vulnerability-Lookup

CVE-2021-1514 (GCVE-0-2021-1514)

Vulnerability from cvelistv5 – Published: 2021-05-06 12:50 – Updated: 2024-11-08 23:16

Title

Cisco SD-WAN Software Privilege Escalation Vulnerability

Summary

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-20

Assigner

cisco

References

URL

	Vendor	Product	Version
	Cisco	Cisco SD-WAN Solution	Affected: n/a

FKIE_CVE-2021-1514

Vulnerability from fkie_nvd - Published: 2021-05-06 13:15 - Updated: 2024-11-21 05:44

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	catalyst_sd-wan_manager	*
cisco	catalyst_sd-wan_manager	*
cisco	catalyst_sd-wan_manager	*
cisco	catalyst_sd-wan_manager	*
cisco	sd-wan_vbond_orchestrator	*
cisco	sd-wan_vbond_orchestrator	*
cisco	sd-wan_vbond_orchestrator	*
cisco	sd-wan_vbond_orchestrator	*
cisco	sd-wan_vbond_orchestrator	*
cisco	sd-wan_vmanage	*
cisco	vsmart_controller_firmware	*
cisco	vsmart_controller_firmware	*
cisco	vsmart_controller_firmware	*
cisco	vsmart_controller_firmware	*
cisco	vsmart_controller_firmware	*
cisco	vsmart_controller	-
cisco	vedge_100_firmware	*
cisco	vedge_100_firmware	*
cisco	vedge_100_firmware	*
cisco	vedge_100_firmware	*
cisco	vedge_100_firmware	*
cisco	vedge_100	-
cisco	vedge_1000_firmware	*
cisco	vedge_1000_firmware	*
cisco	vedge_1000_firmware	*
cisco	vedge_1000_firmware	*
cisco	vedge_1000_firmware	*
cisco	vedge_1000	-
cisco	vedge_100b_firmware	*
cisco	vedge_100b_firmware	*
cisco	vedge_100b_firmware	*
cisco	vedge_100b_firmware	*
cisco	vedge_100b_firmware	*
cisco	vedge_100b	-
cisco	vedge_100m_firmware	*
cisco	vedge_100m_firmware	*
cisco	vedge_100m_firmware	*
cisco	vedge_100m_firmware	*
cisco	vedge_100m_firmware	*
cisco	vedge_100m	-
cisco	vedge_100wm_firmware	*
cisco	vedge_100wm_firmware	*
cisco	vedge_100wm_firmware	*
cisco	vedge_100wm_firmware	*
cisco	vedge_100wm_firmware	*
cisco	vedge_100wm	-
cisco	vedge_2000_firmware	*
cisco	vedge_2000_firmware	*
cisco	vedge_2000_firmware	*
cisco	vedge_2000_firmware	*
cisco	vedge_2000_firmware	*
cisco	vedge_2000	-
cisco	vedge_5000_firmware	*
cisco	vedge_5000_firmware	*
cisco	vedge_5000_firmware	*
cisco	vedge_5000_firmware	*
cisco	vedge_5000_firmware	*
cisco	vedge_5000	-
cisco	vedge-100b_firmware	*
cisco	vedge-100b_firmware	*
cisco	vedge-100b_firmware	*
cisco	vedge-100b_firmware	*
cisco	vedge-100b_firmware	*
cisco	vedge-100b	-
cisco	vedge_cloud_firmware	*
cisco	vedge_cloud_firmware	*
cisco	vedge_cloud_firmware	*
cisco	vedge_cloud_firmware	*
cisco	vedge_cloud_firmware	*
cisco	vedge_cloud	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "294BFF76-0352-4778-B6DA-3F8D5C69B5EE",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3366F4EC-9DCD-44F8-8430-1B3BA7A9B95F",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D155FE-14C5-4658-A5D4-974DCE7FED4F",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2C4782-DD4D-4113-A367-13DA609AD5F4",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBCB1ED4-B8F6-454A-A50E-1E6C5799A38B",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52660B0F-9951-4720-9243-C04D19E1C900",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CB0C13-B19C-4716-9079-E3187C6A8F60",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CBDDA10-0C6A-4AE2-A79D-6ACE91BCE422",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3079495E-BB87-48EF-92F2-5C0DFBBDFB2D",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA56832C-0BA7-49F8-B03D-F7A8DDBA2D76",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F385B4-A7C9-4964-9A2F-9B246C2A4219",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D792D2-7C42-4E49-A024-7D8F10A5CD03",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89290824-9E80-4DA6-B943-500A9DC80EF4",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57361E3C-D8AD-4971-8015-96B8910B847D",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B61FD2-6C23-4A1A-AED4-CAD54D0715C4",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF370668-127C-409B-83FE-293B830D4FB4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E03063D-9DB6-4D3A-8FFF-C530635371CC",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43E988F6-8D4D-4E75-9C43-31E92AA3F85A",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C67D65F-5DBD-4DCE-84CF-F1F2FBA4A250",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFED2F3-4C18-4BE5-9F97-2CFCE37E7A2E",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B89D5AE2-3ED3-4C57-AF93-E9750D38F029",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF226AE-FF8F-4203-8DAC-438E82AEC85A",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD6B70F-1356-4AB4-A8DB-6BB3BAD854A6",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "669F7796-2CBF-42BF-91C4-F861DF09D4B7",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C849A5-EBF4-4CD7-93AE-503C3E0B7A05",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "834192CC-585D-445E-B2AD-D73E9CDF3FED",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F019975D-3A45-4522-9CB9-F4258C371DF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5A7F2E-0B61-4C4C-AE1F-BAFB735DA905",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1158B505-4DAC-42BB-A9E5-533BCA7545F4",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "427DC9A5-3374-440C-A797-DC7BBCCCB13D",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12136AD8-9113-46B9-B6A9-0C330ABB05B9",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "632EBFCA-132A-4AC9-A244-7D6EBCAEAC16",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0811E0B5-889E-451E-B754-A8FEE32BDFA2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E77822B-DEF3-44C3-9AFE-A406ECD26EE5",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4C603C-9858-4048-AA20-7C7F7BB84DBD",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A51AE026-39C0-400B-8E78-21ACBF6D560F",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "829BA8C4-8E99-4338-817B-9F9FF37105BE",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6375DFCF-2EEB-482B-AAD4-8FAB8F03C9C0",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36973815-F46D-4ADA-B9DF-BCB70AC60BD3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "646D2962-5FB3-45E1-B743-CFDF6219742B",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B55B533F-0942-4848-A823-8D17BD9C70AC",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BBF912-56A4-4B0D-AEDE-3B4A66E46DC6",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "200199EC-2819-4DE0-828C-0F56790CA1B4",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "104BBAE4-C7C1-4E5A-A540-AF679FCE1CD2",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "061A302C-8D35-4E80-93DA-916DA7E90C06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F09F72-2D64-4952-8ED1-5B1D8817B065",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28170198-23CE-48F9-8502-3C0F51EDCB33",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48758B17-6BB7-45BB-AB83-36AF55238250",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E479E1A4-0F80-4FDC-8F9F-9E23A885179A",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "584863D2-B181-4CDF-8266-EEBA56A5AA85",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "140AF13E-4463-478B-AA94-97406A80CB86",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5488D32F-808B-4327-8C57-13F270C02C1B",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B559B94-0730-4F3D-90AB-E71D2E684C19",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2090A040-270A-4BD1-8430-603C709F64E8",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4288CD57-CDEE-4B03-8163-7CDDE7767914",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C0D971-E2C4-4048-A08F-0A5D437866F8",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1356861D-E6CA-4973-9597-629507E8C07E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1B097C-09B1-4DC6-B0F9-92E01C415DF3",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA95C6C-72C5-4DDF-B036-5AB2900C9C71",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8123987-EAD3-47D2-AD9F-167A1D52AEF7",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25953689-6E4F-477A-A251-54C1D8ED8880",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3414238A-002E-48F7-82DE-FE4122B1A10A",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge-100b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E7851F-3E72-4677-B907-CF777EBED2FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F5CAE4-CB80-441B-928D-86C13570AA1B",
              "versionEndExcluding": "18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC788143-279B-4325-988A-5FBAA4B438CC",
              "versionEndExcluding": "20.1.1",
              "versionStartIncluding": "20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBE16B1-8E2A-4DF8-B362-86874FAC1F0C",
              "versionEndExcluding": "20.3.1",
              "versionStartIncluding": "20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "430D9FAC-36E8-4AB0-85F2-88D7EF1F6B7A",
              "versionEndExcluding": "20.4.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDBBDE43-BBAE-431B-AF56-73D9CC8743F7",
              "versionEndExcluding": "20.5.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:vedge_cloud:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94999112-9EAA-4707-B002-F867D7628C49",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI de Cisco SD-WAN Software, podr\u00eda permitir a un atacante local autenticado inyectar comandos arbitrarios para que sean ejecutados con privilegios de administrador en el Sistema Operativo subyacente.\u0026#xa0;Esta vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada en determinados comandos de la CLI.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad si se autentica en el dispositivo y env\u00eda una entrada dise\u00f1ada a la CLI.\u0026#xa0;El atacante debe estar autenticado como un usuario poco privilegiado para ejecutar los comandos afectados.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos con privilegios de administrador"
    }
  ],
  "id": "CVE-2021-1514",
  "lastModified": "2024-11-21T05:44:31.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-06T13:15:10.887",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RPJX-3G4C-XQFH

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-08-06 00:00

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-1514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-06T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.",
  "id": "GHSA-rpjx-3g4c-xqfh",
  "modified": "2022-08-06T00:00:45Z",
  "published": "2022-05-24T19:01:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1514"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2021-1514

Vulnerability from fstec - Published: 05.05.2021

Title

Уязвимость интерфейса командной строки программно-определяемой сети Cisco SD-WAN, позволяющая нарушителю повысить свои привилегии и выполнять произвольные команды

Description

Уязвимость интерфейса командной строки программно-определяемой сети Cisco SD-WAN связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии и выполнять произвольные команды

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Vendor

Cisco Systems Inc.

Software Name

Cisco SD-WAN

Software Version

от 20.4 до 20.4.1 (Cisco SD-WAN), от 20.5 до 20.5.1 (Cisco SD-WAN), от 20.3 до 20.3.1 (Cisco SD-WAN), от 18.3 до 18.3.0 (Cisco SD-WAN), от 18.4 до 18.4.0 (Cisco SD-WAN), от 19.1 до 19.1.0 (Cisco SD-WAN), от 19.2 до 19.2.0 (Cisco SD-WAN), от 19.3 до 19.3.0 (Cisco SD-WAN), от 20.1 до 20.1.1 (Cisco SD-WAN)

Possible Mitigations

Использование рекомендаций: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy

Reference

https://www.cybersecurity-help.cz/vdb/SB2021050623 https://nvd.nist.gov/vuln/detail/CVE-2021-1514 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy

CWE

CWE-20, CWE-77

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 20.4 \u0434\u043e 20.4.1 (Cisco SD-WAN), \u043e\u0442 20.5 \u0434\u043e 20.5.1 (Cisco SD-WAN), \u043e\u0442 20.3 \u0434\u043e 20.3.1 (Cisco SD-WAN), \u043e\u0442 18.3 \u0434\u043e 18.3.0 (Cisco SD-WAN), \u043e\u0442 18.4 \u0434\u043e 18.4.0 (Cisco SD-WAN), \u043e\u0442 19.1 \u0434\u043e 19.1.0 (Cisco SD-WAN), \u043e\u0442 19.2 \u0434\u043e 19.2.0 (Cisco SD-WAN), \u043e\u0442 19.3 \u0434\u043e 19.3.0 (Cisco SD-WAN), \u043e\u0442 20.1 \u0434\u043e 20.1.1 (Cisco SD-WAN)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.05.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.06.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.06.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03040",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-1514",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco SD-WAN",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c\u043e\u0439 \u0441\u0435\u0442\u0438 Cisco SD-WAN, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0447\u0438\u0441\u0442\u043a\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u043c \u0443\u0440\u043e\u0432\u043d\u0435 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443) (CWE-77)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c\u043e\u0439 \u0441\u0435\u0442\u0438 Cisco SD-WAN \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cybersecurity-help.cz/vdb/SB2021050623\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-1514\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-77",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,4)"
}

GSD-2021-1514

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-1514

Aliases

CVE-2021-1514

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-1514",
    "description": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.",
    "id": "GSD-2021-1514"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1514"
      ],
      "details": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.",
      "id": "GSD-2021-1514",
      "modified": "2023-12-13T01:23:21.901256Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2021-05-05T16:00:00",
        "ID": "CVE-2021-1514",
        "STATE": "PUBLIC",
        "TITLE": "Cisco SD-WAN Software Privilege Escalation Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco SD-WAN Solution ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "4.4",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20210505 Cisco SD-WAN Software Privilege Escalation Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-sdwan-privesc-QVszVUPy",
        "defect": [
          [
            "CSCvi69989"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "18.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.1.1",
                "versionStartIncluding": "20.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.3.1",
                "versionStartIncluding": "20.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.4.1",
                "versionStartIncluding": "20.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.5.1",
                "versionStartIncluding": "20.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "18.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.4.1",
                "versionStartIncluding": "20.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.3.1",
                "versionStartIncluding": "20.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.5.1",
                "versionStartIncluding": "20.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "20.1.1",
                "versionStartIncluding": "20.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vsmart_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vsmart_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge-100b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge-100b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "18.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.1.1",
                    "versionStartIncluding": "20.1",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.3.1",
                    "versionStartIncluding": "20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.4.1",
                    "versionStartIncluding": "20.4",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.5.1",
                    "versionStartIncluding": "20.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:vedge_cloud:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2021-1514"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210505 Cisco SD-WAN Software Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-10-16T16:35Z",
      "publishedDate": "2021-05-06T13:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-1514 (GCVE-0-2021-1514)

FKIE_CVE-2021-1514

GHSA-RPJX-3G4C-XQFH

CVE-2021-1514

GSD-2021-1514

Tags

Sightings

Nomenclature