Vulnerability in Cisco Catalyst Sd-wan Manager
CVE-2021-1461
A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The…
EPSS: 0.000 (10.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/RL:X/RC:X/E:X.
Affected products
- Cisco Catalyst Sd-wan Manager — versions 19.2.1, 18.4.4, 19.3.0
- Cisco Sd-wan Vedge Router — versions 18.4.303, 18.3.7, 19.3.0
Weakness classification (CWE)
References
- cisco-sa-sdwan-sigverbypass-gPYXd6Mk
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM</a></p><p>This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see <a href="https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74773">Cisco Event Response: October 2021 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication
Frequently asked questions
- What is CVE-2021-1461?
- CVE-2021-1461 is a medium-severity vulnerability in Cisco Catalyst Sd-wan Manager, classified under Improper Verification of Cryptographic Signature. CVSS score: 4.9/10. Published 2024-11-18.
- How severe is CVE-2021-1461?
- Medium severity. CVSS v3 base score is 4.9 out of 10.