CVE-2021-1509 : Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root us

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Published 2021-05-06 13:15:11

Updated 2023-02-16 03:24:33

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2021-1509

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 42 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-1509

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.5	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:C	6.8	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-1509

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: ykramarz@cisco.com (Primary)

References for CVE-2021-1509

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO

Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2021-1509

Cisco » Vedge 100 Firmware
Versions from including (>=) 20.5 and before (<) 20.5.1
cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100 » Version: N/A
Cisco » Vedge 100 Firmware
Versions from including (>=) 20.4 and before (<) 20.4.1
cpe:2.3:o:cisco:vedge_100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100 » Version: N/A
Cisco » Vedge 100 Firmware » Version: 19.2.99
cpe:2.3:o:cisco:vedge_100_firmware:19.2.99:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100 » Version: N/A
Cisco » Vedge 1000 Firmware
Versions from including (>=) 20.4 and before (<) 20.4.1
cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 1000 » Version: N/A
Cisco » Vedge 1000 Firmware
Versions from including (>=) 20.5 and before (<) 20.5.1
cpe:2.3:o:cisco:vedge_1000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 1000 » Version: N/A
Cisco » Vedge 1000 Firmware » Version: 19.2.99
cpe:2.3:o:cisco:vedge_1000_firmware:19.2.99:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 1000 » Version: N/A
Cisco » Vedge 2000 Firmware
Versions from including (>=) 20.4 and before (<) 20.4.1
cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 2000 » Version: N/A
Cisco » Vedge 2000 Firmware
Versions from including (>=) 20.5 and before (<) 20.5.1
cpe:2.3:o:cisco:vedge_2000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 2000 » Version: N/A
Cisco » Vedge 2000 Firmware » Version: 19.2.99
cpe:2.3:o:cisco:vedge_2000_firmware:19.2.99:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 2000 » Version: N/A
Cisco » Vedge 5000 Firmware
Versions from including (>=) 20.4 and before (<) 20.4.1
cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 5000 » Version: N/A
Cisco » Vedge 5000 Firmware
Versions from including (>=) 20.5 and before (<) 20.5.1
cpe:2.3:o:cisco:vedge_5000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 5000 » Version: N/A
Cisco » Vedge 5000 Firmware » Version: 19.2.99
cpe:2.3:o:cisco:vedge_5000_firmware:19.2.99:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 5000 » Version: N/A
Cisco » Vedge 100b Firmware
Versions from including (>=) 20.5 and before (<) 20.5.1
cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100b » Version: N/A
Cisco » Vedge 100b Firmware
Versions from including (>=) 20.4 and before (<) 20.4.1
cpe:2.3:o:cisco:vedge_100b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100b » Version: N/A
Cisco » Vedge 100b Firmware » Version: 19.2.99
cpe:2.3:o:cisco:vedge_100b_firmware:19.2.99:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100b » Version: N/A
Cisco » Vedge 100m Firmware
Versions from including (>=) 20.4 and before (<) 20.4.1
cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100m » Version: N/A
Cisco » Vedge 100m Firmware
Versions from including (>=) 20.5 and before (<) 20.5.1
cpe:2.3:o:cisco:vedge_100m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100m » Version: N/A
Cisco » Vedge 100m Firmware » Version: 19.2.99
cpe:2.3:o:cisco:vedge_100m_firmware:19.2.99:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100m » Version: N/A
Cisco » Vedge 100wm Firmware
Versions from including (>=) 20.4 and before (<) 20.4.1
cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100wm » Version: N/A
Cisco » Vedge 100wm Firmware
Versions from including (>=) 20.5 and before (<) 20.5.1
cpe:2.3:o:cisco:vedge_100wm_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100wm » Version: N/A
Cisco » Vedge 100wm Firmware » Version: 19.2.99
cpe:2.3:o:cisco:vedge_100wm_firmware:19.2.99:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge 100wm » Version: N/A
Cisco » Vedge Cloud Firmware
Versions from including (>=) 20.5 and before (<) 20.5.1
cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge Cloud » Version: N/A
Cisco » Vedge Cloud Firmware
Versions from including (>=) 20.4 and before (<) 20.4.1
cpe:2.3:o:cisco:vedge_cloud_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge Cloud » Version: N/A
Cisco » Vedge Cloud Firmware » Version: 19.2.99
cpe:2.3:o:cisco:vedge_cloud_firmware:19.2.99:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Vedge Cloud » Version: N/A

Vulnerability Details : CVE-2021-1509

Exploit prediction scoring system (EPSS) score for CVE-2021-1509

CVSS scores for CVE-2021-1509

CWE ids for CVE-2021-1509

References for CVE-2021-1509

Products affected by CVE-2021-1509