84 matches found
CVE-2021-1465
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...
CVE-2021-1232
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that ...
CVE-2020-26073 Cisco SD-WAN vManage Directory Traversal Vulnerability
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application...
CVE-2021-1234 Cisco SD-WAN vManage Information Disclosure Vulnerabilities
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due t...
CVE-2021-1232 Cisco SD-WAN vManage Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that ...
CVE-2021-1483
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity XXE entries when the affected...
CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...
CVE-2021-1483 Cisco SD-WAN vManage Software XML External Entity Vulnerability
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity XXE entries when the affected...
Access Control Error Vulnerability in Cisco SD-WAN vManage
Cisco SD-WAN vManage is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. An access control error vulnerability exists in Cisco SD-WAN vManage that stems from improperly enforced access control ...
CVE-2020-26065
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...
Path traversal
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...
CVE-2023-20214
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is...
Cisco SD-WAN vManage 路径遍历漏洞
Cisco SD-WAN vManage is a highly customizable dashboard from Cisco, Inc. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. A security vulnerability exists in Cisco SD-WAN vManage that stems from improper filtering of directory traversal characte...
CVE-2023-20113
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
Cisco SD-WAN vManage Software XSRF (cisco-sa-vman-csrf-76RDbLEh)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an...
Cisco Releases Security Patches for New Vulnerabilities Impacting Multiple Products
Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit MLNXDPDK late last month. Tracked as CVE-2022-28199 CVSS score: 8.6, the vulnerability stems from a lack of proper error...
PT-2022-4706 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0...
CVE-2022-20734
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerabilit...
CVE-2022-20735
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software
Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller WLC that could be abused by an unauthenticated, remote attacker to take control of an affected system. Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and...