From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Cisco SD-WAN vManage Software Privilege Escalation Vulnerability - Vulnerability ID: cisco-sa-sdwan-privesc-vman-kth3c82B - CVE ID: CVE-2021-1462 - CWE ID: CWE-20 - Release Date: March 3, 2021 - Severity: Medium 2. Vulnerability Impact: - Affected Product: Cisco SD-WAN vManage Software - Affected Versions: 18.4.6, 19.2.3, 20.1.2, 20.3.1, 20.4.1 3. Exploitation: - Exploitation Method: By logging into the affected system with an account having administrative privileges and creating a malicious file, which will be parsed later. - Exploitation Result: Allows an attacker to gain root privileges on the affected system. 4. Remediation: - Available Fix: Software updates have been released to address this vulnerability. - Workarounds: No workarounds are available. 5. Affected Products List: - Confirmed Affected Products: List of affected Cisco SD-WAN vManage Software versions. - Confirmed Unaffected Products: List of products not affected by this vulnerability. 6. Related Links: - Security Vulnerability Policy: Link to Cisco’s security vulnerability disclosure policy. - Subscribe to Security Notifications: Link to the page for subscribing to security notifications. - Related Vulnerabilities: Links to other vulnerabilities related to this one. 7. Source: - Discovery Path: The vulnerability was discovered during the resolution of a Cisco TAC support case. 8. Revision History: - Version: 1.0 - Description: Initial public release. - Status: Final - Date: March 3, 2021 9. Disclaimer: - Disclaimer: This document is provided "AS IS" without warranty of any kind, including but not limited to the warranties of merchantability or fitness for a particular purpose. The risk of using this document or any materials linked to it is solely at the user’s own discretion. Cisco reserves the right to modify or update this document at any time. This information provides detailed descriptions of the vulnerability, affected products, exploitation methods, remediation steps, and related links.