Rewterz Threat Alert – A New Cybercrime Gang, UNC2529, Targets Several Countries Including the U.S. – Active IOCs
May 6, 2021Rewterz Threat Advisory – CVE-2021-29491 – Node.js Mixme Module Vulnerability
May 7, 2021Rewterz Threat Alert – A New Cybercrime Gang, UNC2529, Targets Several Countries Including the U.S. – Active IOCs
May 6, 2021Rewterz Threat Advisory – CVE-2021-29491 – Node.js Mixme Module Vulnerability
May 7, 2021Severity
High
Analysis Summary
CVE-2021-1284
A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based messaging service interface of an affected system. A successful exploit could allow the attacker to gain unauthenticated read and write access to the affected vManage system.
Impact
- Unauthorized Access
- Security Bypass
- Unauthenticated Read and Write Access
Affected Vendors
Cisco
Affected Products
Cisco SD-WAN vManage Software.
Remediation
Refer to cisco advisory for the complete list of affected product and their respective patches