vulnerability

Cisco Catalyst SD-WAN: CVE-2021-1515: Cisco SD-WAN vManage Information Disclosure Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:A/AC:L/Au:N/C:P/I:N/A:N)	05/05/2021	06/25/2024	03/27/2025

Severity

CVSS

(AV:A/AC:L/Au:N/C:P/I:N/A:N)

Published

05/05/2021

Added

06/25/2024

Modified

03/27/2025

Description

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device that is managed in the multi-tenant environment could exploit this vulnerability by sending a request to an affected API endpoint on the vManage system. A successful exploit could allow the attacker to gain access to sensitive information that may include hashed credentials that could be used in future attacks.

Solution

cisco-catalyst-sdwan-update-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today