Details of VAR-202103-1603

ID

VAR-202103-1603

CVE

CVE-2021-1465

TITLE

Cisco Systems Cisco Catalyst SD-WAN Manager Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021889

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system. Cisco Systems Cisco Catalyst SD-WAN Manager Exists in a past traversal vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-1465 // JVNDB: JVNDB-2021-021889

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.7	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.302	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.099	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.7	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.303	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.8	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.31	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.6.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.10	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.12	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.2.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.097	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.0.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.3.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.1.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.929	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.9	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.8	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.4.0.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.8	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.6.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.1.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.4.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.2.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.10	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.6	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.7	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.5	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.5	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.3	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.7	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.9	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.3.1	Trust: 0.8

sources: JVNDB: JVNDB-2021-021889 // NVD: CVE-2021-1465

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2021-1465
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2021-021889
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202103-315
value:	MEDIUM
Trust: 0.6

psirt@cisco.com:	CVE-2021-1465
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-021889
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-021889 // CNNVD: CNNVD-202103-315 // NVD: CVE-2021-1465

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-22	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-021889 // NVD: CVE-2021-1465

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202103-315

PATCH

title:	cisco-sa-vman-dir-trav-Bpwc5gtm	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-dir-trav-Bpwc5gtm	Trust: 0.8
title:	Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143726	Trust: 0.6

sources: JVNDB: JVNDB-2021-021889 // CNNVD: CNNVD-202103-315

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1465	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-021889	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0776	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-315	Trust: 0.6

sources: JVNDB: JVNDB-2021-021889 // CNNVD: CNNVD-202103-315 // NVD: CVE-2021-1465

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vman-dir-trav-bpwc5gtm	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1465	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.0776	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vman-dir-trav-bpwc5gtm	Trust: 0.6

sources: JVNDB: JVNDB-2021-021889 // CNNVD: CNNVD-202103-315 // NVD: CVE-2021-1465

SOURCES

db:	JVNDB	id:	JVNDB-2021-021889
db:	CNNVD	id:	CNNVD-202103-315
db:	NVD	id:	CVE-2021-1465

LAST UPDATE DATE

2025-08-06T22:57:07.992000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-021889	date:	2025-08-05T05:10:00
db:	CNNVD	id:	CNNVD-202103-315	date:	2021-03-05T00:00:00
db:	NVD	id:	CVE-2021-1465	date:	2025-08-04T14:33:15.410

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-021889	date:	2025-08-05T00:00:00
db:	CNNVD	id:	CNNVD-202103-315	date:	2021-03-03T00:00:00
db:	NVD	id:	CVE-2021-1465	date:	2024-11-18T16:15:11.350