CVE-2021-1481

{"id": "CVE-2021-1481", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-11-15T17:15:08.277", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC", "source": "ykramarz@cisco.com"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB", "source": "ykramarz@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-943"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system.\r\nThis vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco SD-WAN vManage Software podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n de lenguaje de consulta Cypher en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando solicitudes HTTP manipuladas a la interfaz de un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener informaci\u00f3n confidencial. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."}], "lastModified": "2024-11-18T17:11:56.587", "sourceIdentifier": "ykramarz@cisco.com"}