CVE-2021-34712— Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability

CVSS 5.4 · Medium EPSS 0.07% · P22 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-34712

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

数据查询逻辑中特殊元素的不当中和

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco SD-WAN vManage Software 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco SD-WAN vManage Software是美国思科（Cisco）公司的一款用于SD-WAN（软件定义广域网络）解决方案的管理软件。 Cisco SD-WAN vManage Software 存在安全漏洞，该漏洞源于web管理界面的输入验证不足造成的。该漏洞可能允许经过身份认证的远程攻击者对受影响的系统进行密码查询语言注入攻击。攻击者可以通过向受影响系统的接口发送精心设计的HTTP请求来利用这个漏洞。成功的攻击可以让攻击者可利用该漏洞获得敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Cisco	Cisco SD-WAN vManage	n/a	-

II. Public POCs for CVE-2021-34712

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-34712

请登录查看更多情报信息。

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-jOsuRJCcvendor-advisoryx_refsource_CISCO
https://nvd.nist.gov/vuln/detail/CVE-2021-34712

Same Patch Batch · Cisco · 2021-09-23 · 33 CVEs total

CVE-2021-34770	10.0 CRITICAL	Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Exe
CVE-2021-1619	9.8 CRITICAL	Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability
CVE-2021-34727	9.8 CRITICAL	Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
CVE-2021-1624	8.6 HIGH	Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerab
CVE-2021-1622	8.6 HIGH	Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Servi
CVE-2021-1615	8.6 HIGH	Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service V
CVE-2021-1611	8.6 HIGH	Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers EoGRE Denial of Servic
CVE-2021-1565	8.6 HIGH	Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Servi
CVE-2021-34769	8.6 HIGH	Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Servi
CVE-2021-34768	8.6 HIGH	Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Servi
CVE-2021-1419	7.8 HIGH	Cisco Access Points SSH Management Privilege Escalation Vulnerability
CVE-2021-1623	7.7 HIGH	Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Simple Network Managemen
CVE-2021-1620	7.7 HIGH	Cisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
CVE-2021-34699	7.7 HIGH	Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
CVE-2021-1621	7.4 HIGH	Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability
CVE-2021-34767	7.4 HIGH	Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers IPv6 Denial of Service
CVE-2021-34740	7.4 HIGH	Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vul
CVE-2021-34714	7.4 HIGH	Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerabi
CVE-2021-34703	6.8 MEDIUM	Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerabilit
CVE-2021-34729	6.7 MEDIUM	Cisco IOS XE SD-WAN Software Command Injection Vulnerability

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco SD-WAN vManage

Same vendor: Cisco

Same weakness: CWE-943

V. Comments for CVE-2021-34712

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-34712— Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability

I. Basic Information for CVE-2021-34712

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-34712

III. Intelligence Information for CVE-2021-34712

Same Patch Batch · Cisco · 2021-09-23 · 33 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-34712

Leave a comment