CVE-2021-1470

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Nov 15, 2024

CWE ID 20

CWE ID 89

Summary

CVE-2021-1470 is a vulnerability affecting the web-based management interface of Cisco SD-WAN vManage Software. An authenticated, remote attacker can exploit this issue by sending malicious SQL queries, leading to SQL injection attacks. The flaw arises from inadequate input validation of SQL queries, potentially enabling attackers to modify database values or retrieve sensitive information from the vManage database or underlying operating system. Cisco has released software updates to mitigate these vulnerabilities. No workarounds are currently available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Cisco Catalyst SD-WAN Manager

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners