vulnerability

Cisco Catalyst SD-WAN: CVE-2021-1486: Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	05/05/2021	06/25/2024	03/27/2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

05/05/2021

Added

06/25/2024

Modified

03/27/2025

Description

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts.

Solution

cisco-catalyst-sdwan-update-latest

References

CVE-2021-1486
https://attackerkb.com/topics/CVE-2021-1486
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy
CISCO-cisco-sa-vmanage-enumeration-64eNnDKy

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today