Vedge 100 Firmware
CVE-2021-1509
HIGH
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
AnalysisAI
Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Affected products include: Cisco Vedge 100 Firmware, Cisco Vedge 1000 Firmware, Cisco Vedge 100B Firmware, Cisco Vedge 100M Firmware, Cisco Vedge 100Wm Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
More in Vedge 100 Firmware
View allA vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacke
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote att
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated,
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, r
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privil
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary com
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacke
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate p
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local att
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local att
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today