2 matches found
Cisco SD-WAN vManage Software XXE (cisco-sa-vmanxml-Aj4GFEKd)
The version of Cisco SD-WAN vManage Software installed on the remote host is 19.2.2 or earlier. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-vmanxml-Aj4GFEKd advisory. - A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated,...
CVE-2020-3405
Cisco SD-WAN vManage Software is affected by CVE-2020-3405 due to improper handling of XML External Entity (XXE) entries during parsing of XML files in the web UI. The issue enables an authenticated, remote attacker to read and write files stored by the application by persuading a user to import ...