CVE-2021-34712

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.

Published: Sep 23, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-34712
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / sd-wan_vmanage	20.3	20.3.4
cisco / catalyst_sd-wan_manager	20.6	20.6.x
cisco / catalyst_sd-wan_manager	20.4	20.4.2.x
cisco / catalyst_sd-wan_manager	20.5	20.5.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-jOsuRJCc

Vulnerability Database

289,599

CVE-2021-34712