Cisco Update
1997Warning Date
Severity Level
Warning Number
Target Sector
22 April, 2021
● Medium
2021-2813
All
Description:
Cisco has released security updates to address several vulnerabilities in products under the following Cisco categories:
- Cisco SD-WAN vManage
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Command Injection
- XML external entity (XXE) attack
Best practice and Recommendations:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC