XXE in Cisco Catalyst_sd-wan_manager
CVE-2021-1483
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper han…
Vulnerability class: XXE (XML External Entity)
EPSS: 0.009 (53.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.
Affected products
- Cisco Catalyst_sd-wan_manager — versions 17.2.4, 17.2.5, 17.2.6
- Cisco Catalyst Sd-wan Manager — versions 20.1.12, 19.2.1, 18.4.4
Weakness classification (CWE)
References
- psirt@cisco.com (Vendor Advisory)
- psirt@cisco.com (Not Applicable)
- psirt@cisco.com (Not Applicable)
Frequently asked questions
- What is CVE-2021-1483?
- CVE-2021-1483 is a medium-severity vulnerability in Cisco Catalyst_sd-wan_manager, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 6.4/10. Published 2024-11-15.
- How severe is CVE-2021-1483?
- Medium severity. CVSS v3 base score is 6.4 out of 10.