Cisco SD-WAN vManage Multiple High-Risk Vulnerability Alert
Vulnerability Detail
CVE-2021-1479: Cisco SD-WAN vManage Remote Management Buffer Overflow Vulnerability
A vulnerability in a remote management component of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition.
CVE-2021-1137: Cisco SD-WAN vManage Privilege Escalation Vulnerability
A vulnerability in the user management function of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system.
CVE-2021-1480: Cisco SD-WAN vManage Privilege Escalation Vulnerability
A vulnerability in system file transfer functions of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system.
Affected version
Cisco SD-WAN vManage Release | First Fixed Release | First Fixed Release for all Vulnerabilities in this Advisory |
---|---|---|
18.4 and earlier | Migrate to a fixed release. | Migrate to a fixed release. |
19.2 | 19.2.4 | 19.2.4 |
19.3 | Migrate to a fixed release. | Migrate to a fixed release. |
20.1 | Migrate to a fixed release. | Migrate to a fixed release. |
20.3 | 20.3.3 | 20.3.3 |
20.4 | 20.4.1 | 20.4.1 |
Solution
We recommend that users upgrade Cisco SD-WAN vManage to the latest version promptly.