A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device that is managed in the multi-tenant environment could exploit this vulnerability by sending a request to an affected API endpoint on the vManage system. A successful exploit could allow the attacker to gain access to sensitive information that may include hashed credentials that could be used in future attacks.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-6982 A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device that is managed in the multi-tenant environment could exploit this vulnerability by sending a request to an affected API endpoint on the vManage system. A successful exploit could allow the attacker to gain access to sensitive information that may include hashed credentials that could be used in future attacks.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 09 Nov 2024 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-08T23:16:48.567Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1515

cve-icon Vulnrichment

Updated: 2024-08-03T16:11:17.769Z

cve-icon NVD

Status : Modified

Published: 2021-05-06T13:15:10.920

Modified: 2024-11-21T05:44:31.510

Link: CVE-2021-1515

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.