Unrated severityNVD Advisory· Published Apr 8, 2021· Updated Nov 8, 2024

Cisco SD-WAN vManage Software Vulnerabilities

CVE-2021-1137

Description

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple vulnerabilities in Cisco SD-WAN vManage allow unauthenticated remote code execution or authenticated local privilege escalation.

Vulnerability

Cisco SD-WAN vManage Software contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or an authenticated, local attacker to gain escalated privileges. The specific vulnerabilities are detailed in Cisco Security Advisory cisco-sa-vmanage-YuTVWqy [1]. Affected versions are listed in the advisory.

Exploitation

For the remote code execution vulnerability, an unauthenticated attacker can exploit it over the network without user interaction. For the privilege escalation vulnerability, an attacker must have local access to the system and valid credentials. The advisory does not provide specific exploitation steps.

Impact

Successful exploitation of the remote code execution vulnerability allows an attacker to execute arbitrary code on the affected system. Successful exploitation of the privilege escalation vulnerability allows an authenticated local attacker to gain elevated privileges, potentially leading to full system compromise.

Mitigation

Cisco has released free software updates to address these vulnerabilities. Customers are advised to upgrade to the fixed versions specified in the advisory [1]. No workarounds are mentioned. Customers should consult the Cisco Security Advisory for the complete list of fixed releases.

References

Cisco Security Advisory: Cisco SD-WAN vManage Software Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./SD-WAN vManagellm-fuzzy
Cisco Systems, Inc./Cisco SD-WAN Solution softwarecpe-rescue
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqymitrevendor-advisoryx_refsource_CISCO

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000