CVE-2021-1225
Cisco SD-WAN vManage SQL Injection Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.
Varias vulnerabilidades en la interfaz de administración basada en web del Software Cisco SD-WAN vManage, podrían permitir a un atacante remoto no autenticado conducir ataques de inyección SQL en un sistema afectado. Estas vulnerabilidades se presentan porque la interfaz de administración basada en web comprueba inapropiadamente los valores en las consultas SQL. Un atacante podría explotar estas vulnerabilidades al autenticarse en la aplicación y enviar consultas SQL maliciosas hacia un sistema afectado. Una explotación con éxito podría permitir al atacante modificar o devolver valores de la base de datos subyacente o del sistema operativo
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2020-11-13 CVE Reserved
- 2021-01-20 CVE Published
- 2024-01-24 EPSS Updated
- 2024-11-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Sd-wan Vmanage Search vendor "Cisco" for product "Sd-wan Vmanage" | < 19.2.3 Search vendor "Cisco" for product "Sd-wan Vmanage" and version " < 19.2.3" | - |
Affected
|