CVE-2021-1509

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ciscoCNA
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
ciscovedge_100_firmware
20.4 ≤
𝑥
< 20.4.1
ciscovedge_100_firmware
20.5 ≤
𝑥
< 20.5.1
ciscovedge_100_firmware
19.2.99
ciscovedge_1000_firmware
20.4 ≤
𝑥
< 20.4.1
ciscovedge_1000_firmware
20.5 ≤
𝑥
< 20.5.1
ciscovedge_1000_firmware
19.2.99
ciscovedge_100b_firmware
20.4 ≤
𝑥
< 20.4.1
ciscovedge_100b_firmware
20.5 ≤
𝑥
< 20.5.1
ciscovedge_100b_firmware
19.2.99
ciscovedge_100m_firmware
20.4 ≤
𝑥
< 20.4.1
ciscovedge_100m_firmware
20.5 ≤
𝑥
< 20.5.1
ciscovedge_100m_firmware
19.2.99
ciscovedge_100wm_firmware
20.4 ≤
𝑥
< 20.4.1
ciscovedge_100wm_firmware
20.5 ≤
𝑥
< 20.5.1
ciscovedge_100wm_firmware
19.2.99
ciscovedge_2000_firmware
20.4 ≤
𝑥
< 20.4.1
ciscovedge_2000_firmware
20.5 ≤
𝑥
< 20.5.1
ciscovedge_2000_firmware
19.2.99
ciscovedge_5000_firmware
20.4 ≤
𝑥
< 20.4.1
ciscovedge_5000_firmware
20.5 ≤
𝑥
< 20.5.1
ciscovedge_5000_firmware
19.2.99
ciscovedge_100b_firmware
20.4 ≤
𝑥
< 20.4.1
ciscovedge_100b_firmware
20.5 ≤
𝑥
< 20.5.1
ciscovedge_100b_firmware
19.2.99
ciscovedge_cloud_firmware
20.4 ≤
𝑥
< 20.4.1
ciscovedge_cloud_firmware
20.5 ≤
𝑥
< 20.5.1
ciscovedge_cloud_firmware
19.2.99
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO