Critical Vulnerability Information Vulnerability Description: Cisco SD-WAN vManage Software's cluster management interface contains an information disclosure vulnerability. Unauthenticated remote attackers can view sensitive information on affected systems. To be impacted, Cisco SD-WAN vManage Software must be operating in cluster mode. Vulnerability Identifiers: - Advisory ID: cisco-sa-sdwan-vmanageinfdis-LKrFpbv - CVE ID: CVE-2021-1535 - CWE ID: CWE-497 Risk Level: Medium CVSS Score: 3.3 (Base 5.3) Affected Products: - Cisco SD-WAN vManage Software versions prior to 20.5.1 Unaffected Products: - iOS XE SD-WAN Software - SD-WAN vBond Orchestrator Software - SD-WAN vEdge Cloud Routers - SD-WAN vEdge Routers - SD-WAN vSmart Controller Software Mitigation: No mitigations are available; users are advised to upgrade to a fixed version. Fixed Versions: Cisco SD-WAN vManage Software version 20.5.1 and later Public Disclosure and Exploitation: Cisco PSIRT has not observed any public disclosure or malicious exploitation of this vulnerability. Source: Discovered during internal security testing Link: Cisco Security Advisory