62 matches found
Input validation
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. ...
Race condition
A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...
CVE-2021-1281
A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerabilit...
CVE-2021-1436
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
CVE-2021-1431
A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...
CVE-2021-1433
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this...
CVE-2021-1434
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this...
Race condition
A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...
Input validation
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...
Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability
A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerabilit...
CVE-2021-1233
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerabili...
Design/Logic Flaw
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this...
CVE-2020-3444
Cisco SD-WAN Software contains a vulnerability in packet filtering where improper traffic filtering conditions could allow an unauthenticated, remote attacker to bypass L3/L4 filters by sending crafted TCP packets to a targeted device, potentially injecting arbitrary packets into the network. Aff...
PT-2020-4642 · Cisco · Cisco Sd-Wan
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software (affected versions not specified). Description: The issue is related to the command-line interface (CLI) of Cisco SD-WAN Software, where insufficient input validation for specific commands could allow an authenticated, local...
Cisco IOS XE SD-WAN Software Command Injection Vulnerability (cisco-sa-xesdwcinj-AcQ5MxCn)
According to its self-reported version, Cisco IOS XE SD-WAN Software is affected by a command injection vulnerability. An authenticated attacker could execute arbitrary commands with root privileges due to insufficient input validation. Please see the included Cisco BIDs and Cisco Securit...
Cisco IOS XE SD-WAN Software License Issue Vulnerability
Cisco IOS and IOS XE are both products of Cisco. The CLI is one of the command-line interfaces. The SD-WAN Software is one of the software-defined WAN software packages. An authorization issue vulnerability exists in Cisco IOS XE SD-WAN Software versions 16.9.1 through 16.10.1, which stems from a...
Cisco IOS XE SD-WAN Software CLI Command Injection Vulnerability
Cisco IOS XE is a set of operating systems developed by Cisco for its network equipment. SD-WAN Software is one of the software-defined WAN software packages. A command injection vulnerability exists in the CLI in the Cisco IOS XE SD-WAN Software, which stems from a failure to perform sufficient input...
CVE-2019-16011
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to...
CVE-2019-16011 Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to...
CVE-2019-1950 Cisco IOS XE SD-WAN Software Default Credentials Vulnerability
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to ...