Vulnerability CVE-2021-1589

Vulnerability CVE-2021-1589

Published: 2021-09-23

Description:

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks.

Type:

CWE-522

(Insufficiently Protected Credentials)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Cisco -> Sd-wan

References:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-credentials-ydYfskzZ

Copyright 2024, cxsecurity.com