HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2021-1514

CVSS 7.8v3.1pub. 2021-05-06upd. 2024-11-21

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cisco Catalyst Sd Wan Manager

    APP
    Cisco
    20.1 – 20.1.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)20.3 – 20.3.1 (bez)
  • Cisco Sd Wan Vbond Orchestrator

    APP
    Cisco
    < 18.320.5 – 20.5.1 (bez)20.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)
  • Cisco Sd Wan Vmanage

    APP
    Cisco
    < 18.3
  • Cisco Vedge 100

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 1000

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 1000 Firmware

    OS
    Cisco
    20.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.5 – 20.5.1 (bez)20.4 – 20.4.1 (bez)< 18.3
  • Cisco Vedge 100b

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 100b

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 100b Firmware

    OS
    Cisco
    < 18.320.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)20.1 – 20.1.1 (bez)
  • Cisco Vedge 100b Firmware

    OS
    Cisco
    20.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)< 18.3
  • Cisco Vedge 100 Firmware

    OS
    Cisco
    20.4 – 20.4.1 (bez)< 18.320.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge 100m

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 100m Firmware

    OS
    Cisco
    20.1 – 20.1.1 (bez)< 18.320.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge 100wm

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 100wm Firmware

    OS
    Cisco
    20.4 – 20.4.1 (bez)< 18.320.5 – 20.5.1 (bez)20.3 – 20.3.1 (bez)20.1 – 20.1.1 (bez)
  • Cisco Vedge 2000

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 2000 Firmware

    OS
    Cisco
    20.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)< 18.320.5 – 20.5.1 (bez)20.4 – 20.4.1 (bez)
  • Cisco Vedge 5000

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge 5000 Firmware

    OS
    Cisco
    20.4 – 20.4.1 (bez)< 18.320.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vedge Cloud

    HW
    Cisco
    wszystkie wersje
  • Cisco Vedge Cloud Firmware

    OS
    Cisco
    < 18.320.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)
  • Cisco Vsmart Controller

    HW
    Cisco
    wszystkie wersje
  • Cisco Vsmart Controller Firmware

    OS
    Cisco
    20.5 – 20.5.1 (bez)20.4 – 20.4.1 (bez)20.3 – 20.3.1 (bez)20.1 – 20.1.1 (bez)< 18.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2026-20182CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym

CVE-2026-20127CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień

CVE-2026-20129CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w API Cisco Catalyst SD-WAN Manager

CVE-2023-20252CRITICAL9.8ten sam produkt

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Softwar...

CVE-2023-20214CRITICAL9.1ten sam produkt

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software cou...