35 matches found
Cisco SD-WAN Solution Software Privilege Escalation (cisco-sa-vmpresc-SyzcS4kC)
According to its self-reported version, Cisco SD-WAN Solution Software is affected by a privilege escalation vulnerability due to insufficient input validation. An authenticated, local attacker can exploit this by sending a crafted request in order to gain administrative privileges. Please see th...
Cisco SD-WAN Solution Command Injection (cisco-sa-sdwclici-cvrQpH9v)
According to its self-reported version, Cisco SD-WAN Solution is affected by a command injection vulnerability due to insufficient input validation. An authenticated, local attacker can exploit this, by authenticating to the device and submitting crafted input to the CLI utility, in order to inje...
Cisco SD-WAN Solution SQLI (cisco-sa-20200122-sdwan-sqlinj)
According to its self-reported version, Cisco SD-WAN vManage is affected by an SQL injection SQLI vulnerability in the web interface due to insufficient validation of user-supplied input. An authenticated, remote attacker can exploit this, by sending crafted input that includes SQL statements to ...
Cisco SD-WAN Solution vManage Cross-Site Request Forgery (cisco-sa-20191120-vman-csrf)
The version of Cisco SD-WAN Solution vManage installed on the remote host is affected by a vulnerability as referenced in the cisco-sa-20191120-vman-csrf advisory, as follows: - A vulnerability in the vManage web-based UI web UI of the Cisco SD-WAN Solution could allow an unauthenticated, remote...
Cisco IOS XE SD-WAN Software Packet Filtering Bypass (cisco-sa-cedge-filt-bypass-Y6wZMqm4)
According to its self-reported version, Cisco SD-WAN Solution is affected by a packet filtering bypass vulnerability. The vulnerability is due to improper traffic filtering conditions on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by crafting a malicio...
Cisco SD-WAN Solution Software Static Credentials (cisco-sa-sdscred-HfWWfqBj)
A vulnerability exists in Cisco SD-WAN Solution Software due to the device having an account with a default, static password. An unauthenticated, local attacker can exploit this, by using the default credentials, to log in with root privileges. TRUSTED...
Cisco SD-WAN Solution Software DoS (cisco-sa-sdw-dos-KWOdyHnB)
A denial of service DoS vulnerability exists in Cisco SD-WAN Solution Software due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An unauthenticated, remote attacker can exploit this issue, by sending crafted UDP messages to the targeted...
Default credentials
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a...
Cisco SD-WAN Solution Software Denial of Service Vulnerability
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit...
Cisco SD-WAN Solution software Privilege Permission and Access Control Issues Vulnerability
Cisco SD-WAN Solution is a set of network extension solutions from Cisco. A privilege-granting and access-control issue vulnerability exists in Cisco SD-WAN Solution software prior to Release 19.2.2, which arises from the program's failure to adequately validate input. A local attacker can exploi...
CVE-2020-3266
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating ...
CVE-2020-3264
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device...
Sql injection
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability b...
Input validation
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating ...
CVE-2019-16012 Cisco SD-WAN Solution vManage SQL Injection Vulnerability
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability b...
CVE-2020-3266 Cisco SD-WAN Solution Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating ...
CVE-2020-3115
A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Sql injection
A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...
CVE-2019-12619 Cisco SD-WAN Solution SQL Injection Vulnerability
A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...
CVE-2019-12629 Cisco SD-WAN vManage Command Injection Vulnerability
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...