Rewterz Threat Advisory –Multiple Cisco SD-WAN Software Vulnerabilities
July 22, 2021Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
July 22, 2021Rewterz Threat Advisory –Multiple Cisco SD-WAN Software Vulnerabilities
July 22, 2021Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
July 22, 2021Severity
High
Analysis Summary
CVE-2021-1600,CVE-2021-1601
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
Impact
- Sensitive Information
- Privilege escalation
- Unauthorized Access
Affected Vendors
Cisco
Affected Products
- Cisco Intersight Virtual Appliance
Remediation
Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information.