HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2021-1528

CVSS 7.8v3.1pub. 2021-06-04upd. 2024-11-21

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cisco Catalyst Sd Wan Manager

    APP
    Cisco
    20.5 – 20.5.1 (bez)20.4 – 20.4.2 (bez)
  • Cisco Sd Wan Vbond Orchestrator

    APP
    Cisco
    20.4 – 20.4.2 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge 100

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 1000

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 1000 Firmware

    OS
    Cisco
    20.4 – 20.4.2 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge 100b

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 100b Firmware

    OS
    Cisco
    20.5 – 20.5.1 (bez)20.4 – 20.4.2 (bez)
  • Cisco Vedge 100 Firmware

    OS
    Cisco
    20.4 – 20.4.2 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge 100m

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 100m Firmware

    OS
    Cisco
    20.4 – 20.4.2 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge 100wm

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 100wm Firmware

    OS
    Cisco
    20.4 – 20.4.2 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge 2000

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 2000 Firmware

    OS
    Cisco
    20.4 – 20.4.2 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge 5000

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 5000 Firmware

    OS
    Cisco
    20.4 – 20.4.2 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge Cloud

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge Cloud Firmware

    OS
    Cisco
    20.4 – 20.4.2 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vsmart Controller

    APP
    Cisco
    20.4 – 20.4.2 (bez)20.5 – 20.5.1 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-20182CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym

CVE-2026-20127CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień

CVE-2026-20129CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w API Cisco Catalyst SD-WAN Manager

CVE-2023-20252CRITICAL9.8ten sam produkt

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Softwar...

CVE-2023-20214CRITICAL9.1ten sam produkt

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software cou...