CVE-2021-1461

medium

Description

Cisco SD-WAN Software could allow a remote authenticated malicious user to bypass security restrictions, caused by improper verification of digital signatures for patch images. By crafting an unsigned software patch, an attacker could exploit this vulnerability to boot a malicious software patch image.

Details

Source: Mitre, NVD

Published: 2021-03-11

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N