Details of VAR-202103-1589

ID

VAR-202103-1589

CVE

CVE-2021-1470

TITLE

Cisco Systems Cisco Catalyst SD-WAN Manager Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021872

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. Cisco Systems Cisco Catalyst SD-WAN Manager There is an input validation vulnerability in.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2021-1470 // JVNDB: JVNDB-2021-021872

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.32	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.099	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.2_937	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.3.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.1.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.303	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.12	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.9	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.8	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.6.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.7	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.7	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.097	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.0.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.2.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.302	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.501_es	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.0.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.098	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.929	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.10	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.0.1a	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.31	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.7	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.10	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.3.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.7	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.4.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.5	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.2.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.5	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.1.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.9	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.3	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.6	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.6.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.6	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.8	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.8	Trust: 0.8

sources: JVNDB: JVNDB-2021-021872 // NVD: CVE-2021-1470

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2021-1470
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2021-021872
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202103-307
value:	MEDIUM
Trust: 0.6

psirt@cisco.com:	CVE-2021-1470
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-021872
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-021872 // CNNVD: CNNVD-202103-307 // NVD: CVE-2021-1470

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-89	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	SQL injection (CWE-89) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-021872 // NVD: CVE-2021-1470

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202103-307

PATCH

title:	cisco-sa-vmanage-cql-inject-c7z9QqyB	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX	Trust: 0.8
title:	Cisco SD-WAN vManage Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143717	Trust: 0.6

sources: JVNDB: JVNDB-2021-021872 // CNNVD: CNNVD-202103-307

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1470	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-021872	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0776	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-307	Trust: 0.6

sources: JVNDB: JVNDB-2021-021872 // CNNVD: CNNVD-202103-307 // NVD: CVE-2021-1470

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-cql-inject-c7z9qqyb	Trust: 1.0
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdw-sqlinj-hdjueeax	Trust: 1.0
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vman-auth-bypass-z3zze5xc	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1470	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdw-sqlinj-hdjueeax	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0776	Trust: 0.6

sources: JVNDB: JVNDB-2021-021872 // CNNVD: CNNVD-202103-307 // NVD: CVE-2021-1470

SOURCES

db:	JVNDB	id:	JVNDB-2021-021872
db:	CNNVD	id:	CNNVD-202103-307
db:	NVD	id:	CVE-2021-1470

LAST UPDATE DATE

2025-07-04T23:23:47.593000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-021872	date:	2025-07-01T05:28:00
db:	CNNVD	id:	CNNVD-202103-307	date:	2021-03-05T00:00:00
db:	NVD	id:	CVE-2021-1470	date:	2025-06-24T14:35:38.113

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-021872	date:	2025-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202103-307	date:	2021-03-03T00:00:00
db:	NVD	id:	CVE-2021-1470	date:	2024-11-15T17:15:07.977