CVE-2021-1301

CVE Database · CVE-2021-1301

CVE-2021-1301

· CRITICALModified

CVSS v3.1

9.8

EPSS

2.10%

Published

Jan 20, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-119CWE-20

Affected Products (16)

cisco · ios_xe_sd-wanvulnerable

cisco · sd-wan_firmwarevulnerable

cisco · sd-wan_vsmart_controller_firmwarevulnerable

cisco · vedge_100_router

cisco · vedge_1000_router

cisco · vedge_100b_router

cisco · vedge_100m_router

cisco · vedge_100wm_router

· vedge_2000_router

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs