Unrated severityNVD Advisory· Published Jan 20, 2021· Updated Nov 12, 2024

Cisco SD-WAN Command Injection Vulnerabilities

CVE-2021-1261

Description

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated local attacker with read-only CLI access can exploit insufficient input validation in tcpdump to execute arbitrary commands as root on Cisco SD-WAN devices.

Vulnerability

CVE-2021-1261 is a command injection vulnerability in the tcpdump CLI utility of Cisco SD-WAN Software [1]. The vulnerability stems from insufficient validation of user-supplied input to the tcpdump command. An authenticated, local attacker with read-only credentials can exploit this issue. The affected software includes Cisco SD-WAN products running vulnerable releases.

Exploitation

An attacker must have local CLI access to an affected Cisco SD-WAN device with read-only user privileges. The attacker then submits crafted input to the tcpdump command, which is executed without proper sanitization, allowing injection of arbitrary commands [1]. No user interaction beyond the attacker's own actions is required.

Impact

Successful exploitation allows the attacker to execute arbitrary commands with root privileges on the affected device. This grants full control over the system, enabling data disclosure, modification, or disruption of services [1].

Mitigation

Cisco has released software updates that address this vulnerability [1]. Users should upgrade to a fixed version as specified in the Cisco Security Advisory. There are no workarounds available [1].

References

Cisco Security Advisory: Cisco SD-WAN Command Injection Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Citrix Systems/SD-WANllm-fuzzy
Cisco Systems, Inc./Cisco SD-WAN Solution softwarecpe-rescue
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcnmitrevendor-advisoryx_refsource_CISCO

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000