CVE-2021-1483 : A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Published 2024-11-15 16:27:44

Updated 2024-11-18 17:11:57

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: XML external entity (XXE) injection

Products affected by CVE-2021-1483

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2021-1483

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-1483

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	3.1	2.7	Cisco Systems, Inc.	2024-11-15
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2021-1483

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Assigned by:
- d1c1063e-7a18-46af-9102-31f8928bc633 (Primary)
- ykramarz@cisco.com (Primary)

References for CVE-2021-1483

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX

Cisco SD-WAN vManage Command Injection Vulnerability

CVEs referencing this url
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu

Cisco SD-WAN vManage Software Information Disclosure Vulnerability

CVEs referencing this url
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg

Cisco SD-WAN vManage XML External Entity Vulnerability

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-1483

Products affected by CVE-2021-1483

Exploit prediction scoring system (EPSS) score for CVE-2021-1483

CVSS scores for CVE-2021-1483

CWE ids for CVE-2021-1483

References for CVE-2021-1483