49 matches found
Cisco SD-WAN Solution Software Privilege Escalation (cisco-sa-vmpresc-SyzcS4kC)
According to its self-reported version, Cisco SD-WAN Solution Software is affected by a privilege escalation vulnerability due to insufficient input validation. An authenticated, local attacker can exploit this by sending a crafted request in order to gain administrative privileges. Please see th...
Cisco SD-WAN Solution Command Injection (cisco-sa-sdwclici-cvrQpH9v)
According to its self-reported version, Cisco SD-WAN Solution is affected by a command injection vulnerability due to insufficient input validation. An authenticated, local attacker can exploit this, by authenticating to the device and submitting crafted input to the CLI utility, in order to inje...
Cisco SD-WAN Solution vManage Cross-Site Request Forgery (cisco-sa-20191120-vman-csrf)
The version of Cisco SD-WAN Solution vManage installed on the remote host is affected by a vulnerability as referenced in the cisco-sa-20191120-vman-csrf advisory, as follows: - A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote...
Cisco SD-WAN Solution SQLI (cisco-sa-20200122-sdwan-sqlinj)
According to its self-reported version, Cisco SD-WAN vManage is affected by an SQL injection (SQLI) vulnerability in the web interface due to insufficient validation of user-supplied input. An authenticated, remote attacker can exploit this, by sending crafted input that includes SQL statements to ...
Cisco IOS XE SD-WAN Software Packet Filtering Bypass (cisco-sa-cedge-filt-bypass-Y6wZMqm4)
According to its self-reported version, Cisco SD-WAN Solution is affected by a packet filtering bypass vulnerability. The vulnerability is due to improper traffic filtering conditions on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by crafting a malicio...
Cisco SD-WAN Solution Software Static Credentials (cisco-sa-sdscred-HfWWfqBj)
A vulnerability exists in Cisco SD-WAN Solution Software due to the device having an account with a default, static password. An unauthenticated, local attacker can exploit this, by using the default credentials, to log in with root privileges. TRUSTED...
Cisco SD-WAN Solution Software DoS (cisco-sa-sdw-dos-KWOdyHnB)
A denial of service (DoS) vulnerability exists in Cisco SD-WAN Solution Software due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An unauthenticated, remote attacker can exploit this issue, by sending crafted UDP messages to the targeted...
Cisco SD-WAN Solution Privilege Permission and Access Control Issues Vulnerability (CNVD-2020-42261)
Cisco SD-WAN Solution is a set of network extension solutions from Cisco. A privileged license and access control issue vulnerability exists in Cisco SD-WAN Solution, which stems from a user using a default static password. A local attacker could exploit this vulnerability to log in to an account...
Default credentials
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a...
Cisco SD-WAN Solution Software Denial of Service Vulnerability
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit...
PT-2020-3116 · Cisco · Cisco Sd-Wan Solution
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Solution Software (affected versions not specified). Description: The issue is related to the use of hardcoded credentials in the Cisco SD-WAN solution. An unauthenticated, local attacker could access an affected device by using an...
Cisco Releases Security Updates for IOS XE SD-WAN Solution Software
Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Solution software. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco...
Cisco SD-WAN Solution software Privilege Permission and Access Control Issues Vulnerability
Cisco SD-WAN Solution is a set of network extension solutions from Cisco. A privilege-granting and access-control issue vulnerability exists in Cisco SD-WAN Solution software prior to Release 19.2.2, which arises from the program's failure to adequately validate input. A local attacker can exploi...
CVE-2020-3266
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating ...
CVE-2020-3264
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device...
Input validation
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating ...
SQL injection
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability b...
CVE-2019-16012 Cisco SD-WAN Solution vManage SQL Injection Vulnerability
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability b...
CVE-2020-3266 Cisco SD-WAN Solution Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating ...
Cisco Releases Security Updates for SD-WAN Solution Software
Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. The...