CVE-2021-34726 is a vulnerability in Cisco SD-WAN
Published on September 23, 2021
Cisco SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.
Weakness Type
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2021-34726 has been classified as a Command Injection vulnerability or weakness.
Products Associated with CVE-2021-34726
Affected Versions
Cisco SD-WAN Solution Version n/a is affected by CVE-2021-34726
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.