CVE-2021-1515 MEDIUM

CVE-2021-1515: Cisco SD-WAN vManage Information Disclosure Vulnerability

Vendor Cisco
Product Cisco SD-WAN vManage
Weakness CWE-284
Published May 6, 2021
Last update November 8, 2024

CVSS base score

4.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device that is managed in the multi-tenant environment could exploit this vulnerability by sending a request to an affected API endpoint on the vManage system. A successful exploit could allow the attacker to gain access to sensitive information that may include hashed credentials that could be used in future attacks.

Key dates

02Disclosure timeline

May 6, 2021 CVE published
November 8, 2024 Record updated