Cisco SD-WAN vManage XXE Vulnerability (CVE-2021-1483) Security Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Cisco SD-WAN vManage XML External Entity Vulnerability - Vulnerability ID: cisco-sa-vman-xml-ext-entity-q6Z7uVUg - CVE Number: CVE-2021-1483 - CVSS Score: 6.4 2. Affected Products: - Affected Versions: Cisco SD-WAN vManage Software releases earlier than Release 20.5.1 - Products Confirmed Not Affected: None 3. Vulnerability Impact: - Vulnerability Type: XML External Entity (XXE) vulnerability - Attack Method: By tricking users into importing XML files containing malicious entries - Impact: Allows attackers to read and write files on the affected system 4. Remediation: - Fix Released: Cisco SD-WAN vManage Software releases 20.5.1 and later - Workarounds: None 5. Source: - Reporters: Julien Legras and Théo Louis-Tisserand of Synacktiv 6. Related Links: - Detailed Information: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg 7. Legal Disclaimer: - The document is provided "as is" without any warranty or guarantee, including but not limited to merchantability or fitness for a particular purpose. This information helps users understand the nature of the vulnerability, affected products, remediation steps, and how to obtain further details.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco SD-WAN vManage XXE Vulnerability (CVE-2021-1483) Security Advisory