CVE-2021-1278

high-risk

Published 2021-01-20

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Do I need to act?

1.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.6/10 High

NETWORK / LOW complexity

Affected Products (14)

Ios Xe Sd-Wan

Sd-Wan Firmware

Sd-Wan Vsmart Controller Firmware

Catalyst Sd-Wan Manager

Sd-Wan Vbond Orchestrator

Affected Vendors

Cisco

References (2)

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-s...

/ 100

high-risk

Severity 29/34 · Critical

Exploitability 3/34 · Minimal

Exposure 18/34 · Moderate