27 matches found
CVE-2019-1624
CVE-2019-1624 affects Cisco SD-WAN vManage Web UI. Root cause: insufficient input validation allowing command injection by an authenticated, remote attacker submitting crafted input. Impact: commands executed with root privileges on the device. Affected: vManage Web UI within Cisco SD-WAN Solutio...
CVE-2022-20716
CVE-2022-20716 concerns Cisco SD-WAN Software where an authenticated, local attacker can gain escalated privileges due to improper access control on files. The root cause is file-level access control weaknesses within the CLI-facing components, enabling an attacker to modify certain files on the ...
CVE-2022-20775
Cisco CVE-2022-20775 affects the Cisco Catalyst SD-WAN Controller/Manager CLI. It is a local, authenticated privilege-escalation in the CLI caused by improper access controls on commands, enabling an attacker to run commands as root. Cisco released updates addressing this, with no workarounds. Af...
CVE-2020-3536
Cisco SD-WAN vManage Web UI is affected by a cross-site scripting (XSS) vulnerability due to improper validation of user input in a specific data field. An authenticated, remote attacker could inject malicious data to execute script code in the user's browser context. Cisco has released software ...
CVE-2020-3374
CVE-2020-3374 affects the Cisco SD-WAN vManage Software web-based management interface. The vulnerability arises from insufficient authorization checks, allowing an authenticated, remote attacker to bypass authorization and gain privileges beyond their login, potentially accessing sensitive infor...
CVE-2022-20818
Cisco SD-WAN Software CLI contains privilege-escalation vulnerabilities due to improper access controls on commands. An authenticated, local attacker could run malicious CLI commands to execute arbitrary commands as root. The issue requires access to the Viptela shell (SSH or local access). A con...
CVE-2020-3595
Cisco SD-WAN Software is affected by a local privilege-escalation vulnerability (CVE-2020-3595). The issue arises from incorrect permissions being set when executing the affected command, allowing an authenticated, local attacker to elevate to root on the underlying OS. Cisco’s advisory confirms ...
CVE-2023-20113
Cisco SD-WAN vManage Software suffers a cross-site request forgery (CSRF) vulnerability in its web-based management interface. An unauthenticated attacker can lure a logged-in user to click a crafted link, enabling arbitrary actions with the user’s privileges, including modifying configurations a...
CVE-2022-20930
Cisco SD-WAN Software CLI vulnerability (CVE-2022-20930) allows an authenticated, local attacker to inject commands via insufficient input validation, potentially overwriting arbitrary system files with root privileges and causing DoS. Affected component: CLI of Cisco SD-WAN Software. Root cause:...
CVE-2020-3375
CVE-2020-3375 affects Cisco SD-WAN Solution Software. The root cause is insufficient input validation leading to a buffer overflow in the affected component when processing crafted network traffic. An unauthenticated, remote attacker could exploit this to access restricted information, modify the...
CVE-2022-20850
Cisco CVE-2022-20850 concerns the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software. The root cause is insufficient input validation, enabling an authenticated, local attacker to inject arbitrary file path information to delete arbitrary files from the device filesystem. I...
CVE-2022-20844
Cisco SD-AVC on Cisco vManage exposes a GUI authentication flaw that can be exploited remotely via a default static username/password, potentially exposing device names, logs, and DNS server IPs. Affected component is the Cisco SD-AVC GUI accessible on self-managed cloud or local server installat...
CVE-2018-15387
The CVE-2018-15387 issue affects Cisco SD-WAN Solution (Cisco SD-WAN components) where improper certificate validation lets an unauthenticated, remote attacker bypass cert checks by supplying a system image signed with a crafted certificate, potentially deploying a crafted image. Connected source...
CVE-2021-1614
Summary of CVE-2021-1614 (Cisco SD-WAN) A vulnerability exists in the MPLS packet handling function of Cisco SD-WAN Software (and Cisco SD-WAN vManage) that could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. The root cause is insufficient h...
CVE-2020-27128
The Cisco SD-WAN vManage Software Arbitrary File Creation vulnerability (CVE-2020-27128) affects the application data endpoints and stems from improper validation of API requests, enabling an authenticated, remote attacker to perform directory traversal and write arbitrary files to an attacker-co...
CVE-2020-3600
CVE-2020-3600 describes a privilege-escalation vulnerability in Cisco SD-WAN Software. An authenticated, local attacker can exploit insufficient security controls on the CLI by using an affected CLI utility running on the system to gain root privileges. Affected software and versions are not enum...
CVE-2021-1612
CVE-2021-1612 affects Cisco IOS XE SD-WAN Software CLI. The issue arises from improper access controls on local files, enabling an authenticated, local attacker to place a symbolic link and overwrite arbitrary files on the device. Affected component is the CLI handling in Cisco IOS XE SD-WAN; exp...
CVE-2020-3593
Cisco SD-WAN Software contains a privilege-escalation vulnerability (CVE-2020-3593) that allows an authenticated, local attacker to gain root privileges on the host OS by sending a crafted request to a running utility. Root cause is insufficient input validation. Impact is elevated privileges wit...
CVE-2023-20034
CVE-2023-20034 affects Cisco SD-WAN vManage (Elasticsearch component). The issue arises from a static username/password configured on vManage, enabling an unauthenticated, remote attacker to access the Elasticsearch configuration database and view its content by sending a crafted HTTP request to ...
CVE-2020-3594
The CVE-2020-3594 entry describes a privilege-escalation in Cisco SD-WAN Software where an authenticated, local attacker can obtain root privileges due to insufficient input validation. The vulnerability can be exploited by supplying crafted options to a specific command, with successful exploita...
CVE-2020-3180
Cisco SD-WAN Solution Software is affected by a vulnerability due to an account with a default, static password. An unauthenticated, local attacker could exploit this to log in with root privileges, potentially compromising the device. The issue stems from a hardcoded/default credential scenario ...
CVE-2021-1589
Cisco SD-WAN vManage Software disaster recovery feature exposes credentials due to insufficient access restrictions on API endpoints. Multiple connected sources (NVD, CVE-List, Cisco advisory) confirm an authenticated, remote attacker could access administrative credentials by sending requests to...
CVE-2019-1646
CVE-2019-1646 describes a privilege-escalation vulnerability in the local CLI of the Cisco SD-WAN Solution. An authenticated, local attacker can exploit insufficient input sanitization on certain CLI commands to establish an interactive session with elevated privileges and then modify device conf...
CVE-2021-34726
Cisco SD-WAN Software Command Injection (CVE-2021-34726) affects the CLI of Cisco SD-WAN Software. Affected component: CLI command handling; root cause: insufficient input validation on certain CLI commands. Impact: authenticated, local attacker with administrative privileges could inject and exe...
CVE-2019-1650
Summary: CVE-2019-1650 affects Cisco SD-WAN Solution. The issue stems from improper input validation of the CLI save command, enabling an authenticated, remote attacker to overwrite arbitrary files on the device’s underlying OS and escalate privileges to root. Exploitation involves modifying the ...
CVE-2019-1648
CVE-2019-1648 affects Cisco SD-WAN Solution. A vulnerability in the user group configuration allows an authenticated, local attacker to write a crafted file to the directory containing the group config, bypassing validation and gaining root-level privileges. Impact is full device takeover. Sympto...
CVE-2019-1647
Cisco SD-WAN Solution contains an authentication bypass vulnerability in the vContainer/vSmart container architecture due to insecure default configuration. An authenticated adjacent attacker could directly connect to exposed services and access or modify critical system files across vSmart conta...