CVE-2021-1614

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

Una vulnerabilidad en la función de administración de paquetes Multiprotocol Label Switching (MPLS) del Software Cisco SD-WAN, podría permitir a un atacante remoto no autenticado acceder a la información almacenada en la memoria intermedia de MPLS. Esta vulnerabilidad es debido al manejo insuficiente de paquetes MPLS malformados que son procesados por un dispositivo que ejecuta el software Cisco SD-WAN. Un atacante podría explotar esta vulnerabilidad mediante el envío un paquete MPLS diseñado a un dispositivo afectado que ejecute el software Cisco SD-WAN o el software Cisco SD-WAN vManage. Una explotación con éxito podría permitir al atacante obtener acceso no autorizado a información confidencial