vulnerability

Cisco Catalyst SD-WAN: CVE-2021-1589: Cisco SD-WAN vManage Software Disaster Recovery Feature Password Exposure Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:C/I:N/A:N)	09/22/2021	06/25/2024	01/22/2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:N/A:N)

Published

09/22/2021

Added

06/25/2024

Modified

01/22/2025

Description

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks.

Solution

cisco-catalyst-sdwan-update-latest

References

CVE-2021-1589
https://attackerkb.com/topics/CVE-2021-1589
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-credentials-ydYfskzZ
CISCO-cisco-sa-sd-wan-credentials-ydYfskzZ

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today