Cyber Resilience

CVE-2021-1614

Medium

Published: 22 July 2021

Published
22 July 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0054 67.9th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-1614 is a medium-severity Buffer Over-read (CWE-126) vulnerability in Cisco Sd-Wan. Its CVSS base score is 5.3 (Medium).

Operationally, ranked in the top 32.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed…

more

MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
sd-wan
18.4.0 — 18.4.6 · 19.2.0 — 19.2.3 · 20.3 — 20.3.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References