Critical Cisco SD-WAN Bugs Allow RCE Attacks

Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks SD-WAN solutions for business users. Cisco issued patches addressing eight buffer-overflow and command-injection SD-WAN vulnerabilities. The most serious of these flaws could be...

CVE-2021-1219

A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this...

CVE-2021-1141

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...

CVE-2021-1139

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...

CVE-2021-1222

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values...

CVE-2021-1222

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values...

Sql injection

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values...

Design/Logic Flaw

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...

Design/Logic Flaw

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...

CVE-2021-1222 Cisco Smart Software Manager Satellite SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values...

Cisco Smart Software Manager 操作系统命令注入漏洞

Cisco Smart Software Manager Satellite is software designed to provide intelligent management of licenses. A command injection vulnerability exists in the WEB UI of Cisco Smart Software Manager Satellite 5.1.0 and prior versions. The vulnerability stems from the program not properly validating...

Cisco Smart Software Manager 信任管理问题漏洞

Cisco Smart Software Manager Satellite is a Cisco component for Cisco product license management. A static credentials vulnerability exists in Cisco Smart Software Manager Satellite version 5.1.0 and earlier. The vulnerability stems from inadequate protection of static credentials. An attacker ca...