Cisco SD-WAN vManage Dir Traversal via Authenticated HTTP Request
CVE-2021-1465 Published on November 18, 2024
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system.
Vulnerability Analysis
CVE-2021-1465 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2021-1465
stack.watch emails you whenever new vulnerabilities are published in Cisco Catalyst Sd Wan Manager or Cisco Sd Wan Vmanage. Just hit a watch button to start following.
Affected Versions
Cisco Catalyst SD-WAN Manager:- Version 17.2.6 is affected.
- Version 17.2.7 is affected.
- Version 17.2.8 is affected.
- Version 17.2.9 is affected.
- Version 17.2.10 is affected.
- Version 17.2.4 is affected.
- Version 17.2.5 is affected.
- Version 18.3.1.1 is affected.
- Version 18.3.3.1 is affected.
- Version 18.3.3 is affected.
- Version 18.3.4 is affected.
- Version 18.3.5 is affected.
- Version 18.3.7 is affected.
- Version 18.3.8 is affected.
- Version 18.3.6.1 is affected.
- Version 18.3.1 is affected.
- Version 18.3.0 is affected.
- Version 18.4.0.1 is affected.
- Version 18.4.3 is affected.
- Version 18.4.302 is affected.
- Version 18.4.303 is affected.
- Version 18.4.4 is affected.
- Version 18.4.5 is affected.
- Version 18.4.0 is affected.
- Version 18.4.1 is affected.
- Version 19.2.0 is affected.
- Version 19.2.097 is affected.
- Version 19.2.099 is affected.
- Version 19.2.1 is affected.
- Version 19.2.2 is affected.
- Version 19.2.3 is affected.
- Version 19.2.31 is affected.
- Version 19.2.929 is affected.
- Version 20.1.1.1 is affected.
- Version 20.1.12 is affected.
- Version 20.1.1 is affected.
- Version 19.3.0 is affected.
- Version 19.1.0 is affected.
- Version 18.2.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.