Login Sign Up

CVE-2021-1484

6.5 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability in Cisco SD-WAN vManage Software allows authenticated remote attackers to inject arbitrary commands through the web UI's device template configuration, potentially causing a denial of service (DoS) condition. It affects organizations using Cisco SD-WAN vManage for network management. The vulnerability stems from improper input validation of user-supplied input.

💻 Affected Systems

Products:
  • Cisco SD-WAN vManage Software
Versions: Versions prior to 20.6.1
Operating Systems: Cisco SD-WAN vManage appliance/VM
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the vManage web UI. All deployments with vulnerable versions are affected.

📦 What is this software?

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

Catalyst Sd Wan Manager by Cisco

View all CVEs affecting Catalyst Sd Wan Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing command execution with authenticated user privileges, potentially leading to persistent DoS or further network infiltration.

🟠

Likely Case

Authenticated attacker causes DoS condition on the vManage system, disrupting SD-WAN management operations.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized access to the vManage interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the vManage web UI. The vulnerability is in the device template configuration feature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.6.1 and later

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX

Restart Required: Yes

Instructions:

1. Download the updated software from Cisco's support portal. 2. Backup current configuration. 3. Install the update following Cisco's SD-WAN upgrade procedures. 4. Verify the system is running version 20.6.1 or later.

🔧 Temporary Workarounds

No official workarounds

all

Cisco states there are no workarounds that address this vulnerability

🧯 If You Can't Patch

  • Restrict access to vManage web UI to only authorized administrators using network segmentation and firewall rules
  • Implement strict authentication controls and monitor for suspicious activity in vManage logs

🔍 How to Verify

Check if Vulnerable:

Check the vManage software version via the web UI (System > Software) or CLI using 'show version' command

Check Version:

show version | include Version

Verify Fix Applied:

Verify the system is running version 20.6.1 or later and test device template configuration functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual device template configuration changes
  • Multiple failed authentication attempts followed by template modifications
  • System logs showing unexpected process execution

Network Indicators:

  • Unusual traffic patterns to vManage web UI
  • Multiple authentication requests from single source

SIEM Query:

source="vmanage" AND (event_type="template_modification" OR event_type="command_execution")

📊 Metadata

CVE ID: CVE-2021-1484
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-88
Published: November 15, 2024
Last Updated: August 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-1484, you might also want to check these:

CVE-2023-6269 10.0

An argument injection vulnerability in Atos Unify OpenScape SBC, Branch, and BCF products allows una...

Same vulnerability type (CWE-88)
CVE-2024-47553 9.9

This vulnerability in Siemens SINEC Security Monitor allows authenticated low-privileged remote atta...

Same vulnerability type (CWE-88)
CVE-2024-39930 9.9

This vulnerability allows authenticated attackers to execute arbitrary code on Gogs servers by explo...

Same vulnerability type (CWE-88)