Skip to main content

Sd Wan Vmanage CVE-2021-1507

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-05-06 psirt@cisco.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 06, 2021 - 13:15 nvd
MEDIUM 5.4

DescriptionNVD

A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending malicious input to the API. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information.

AnalysisAI

A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending malicious input to the API. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information. Affected products include: Cisco Sd-Wan Vmanage.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2021-1468 CRITICAL
9.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1479 CRITICAL
9.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2023-20214 CRITICAL
9.1 Aug 03

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow a

CVE-2021-1225 CRITICAL
9.1 Jan 20

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthent

CVE-2022-20696 HIGH
8.8 Sep 08

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated,

CVE-2021-1508 HIGH
8.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1505 HIGH
8.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1284 HIGH
8.8 May 06

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthentic

CVE-2022-20818 HIGH
7.8 Sep 30

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevat

CVE-2021-1514 HIGH
7.8 May 06

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary com

CVE-2021-1480 HIGH
7.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1137 HIGH
7.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

Share

CVE-2021-1507 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy