CVE-2021-1528— Cisco SD-WAN Software Privilege Escalation Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-1528
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco SD-WAN Software Privilege Escalation Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
带着不必要的权限执行
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco SD-WAN Software 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco SD-WAN是美国思科(Cisco)公司的一种高度安全的云规模架构,具有开放性、可编程性和可扩展性。 Cisco SD-WAN Software 存在安全漏洞,该漏洞允许经过身份验证的本地攻击者在受影响的系统上获得更高的特权。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco SD-WAN Solution | n/a | - |
II. Public POCs for CVE-2021-1528
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-1528
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-fuErCWwFvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2021-1528
Same Patch Batch · Cisco · 2021-06-04 · 15 CVEs total
| CVE-2021-1540 | 8.1 HIGH | Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities |
| CVE-2021-1539 | 8.1 HIGH | Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities |
| CVE-2021-1526 | 7.8 HIGH | Cisco Webex Player Memory Corruption Vulnerability |
| CVE-2021-1503 | 7.8 HIGH | Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability |
| CVE-2021-1502 | 7.8 HIGH | Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability |
| CVE-2021-1564 | 6.5 MEDIUM | Cisco Video Surveillance 7000 Series IP Cameras Cisco Discovery and Link Layer Discovery P |
| CVE-2021-1563 | 6.5 MEDIUM | Cisco Video Surveillance 7000 Series IP Cameras Cisco Discovery and Link Layer Discovery P |
| CVE-2021-1537 | 6.2 MEDIUM | Cisco ThousandEyes Recorder Information Disclosure Vulnerability |
| CVE-2021-1544 | 5.5 MEDIUM | Cisco Webex Meetings Client Software Logging Information Disclosure Vulnerability |
| CVE-2021-1527 | 5.3 MEDIUM | Cisco Webex Player Memory Corruption Vulnerability |
| CVE-2021-1517 | 5.0 MEDIUM | Cisco Webex Meetings and Webex Meetings Server Multimedia Sharing Security Bypass Vulnerab |
| CVE-2021-1536 | 4.8 MEDIUM | Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulner |
| CVE-2021-1538 | 4.7 MEDIUM | Cisco Common Services Platform Collector Command Injection Vulnerability |
| CVE-2021-1525 | 4.7 MEDIUM | Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco SD-WAN Solution
- CVE-2023-20262
Cisco Catalyst SD-WAN Manager 安全漏洞 - CVE-2022-20850
Cisco SD-WAN Arbitrary File Deletion Vulnerability - CVE-2022-20818
Cisco SD-WAN Software Privilege Escalation Vulnerabilities - CVE-2022-20716
Cisco SD-WAN Solution Improper Access Control Vulnerability - CVE-2021-1546
Cisco SD-WAN Software Information Disclosure Vulnerability
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-250
- CVE-2026-42088
OpenC3 COSMOS: Administrative Actions via the Script Runner - CVE-2026-40550
Privilege Escalation in mpGabinet - CVE-2026-25908
Dell Alienware Command Center 安全漏洞 - CVE-2026-4667
HP System Optimizer - Escalation of Privilege - CVE-2026-33793
Junos OS and Junos OS Evolved: When an unsigned Python op sc
V. Comments for CVE-2021-1528
No comments yet