Sd-wan@20.3 Security Vulnerabilities and Issues — Sd-wan@20.3 CVE List

Lucene search

CiscoSd-wan20.3

8 matches found

CVE•added 2020/11/06 7:15 p.m.•71 views

CVE-2020-3595

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerabili...

7.8CVSS7.7AI score0.00027EPSS

CVE•added 2021/07/22 4:15 p.m.•57 views

CVE-2021-1614

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that...

5.3CVSS5.4AI score0.00536EPSS

CVE•added 2020/11/06 7:15 p.m.•51 views

CVE-2020-3593

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility t...

7.8CVSS7.5AI score0.00036EPSS

CVE•added 2020/11/06 7:15 p.m.•50 views

CVE-2020-3600

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utilit...

7.8CVSS7.6AI score0.00036EPSS

CVE•added 2021/09/23 3:15 a.m.•48 views

CVE-2021-1589

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulne...

6.5CVSS6.5AI score0.00358EPSS

CVE•added 2020/11/06 7:15 p.m.•47 views

CVE-2020-3594

7.8CVSS7.6AI score0.00036EPSS

CVE•added 2023/09/27 6:15 p.m.•46 views

CVE-2023-20034

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the presence...

7.5CVSS7.5AI score0.00416EPSS

CVE•added 2021/09/23 3:15 a.m.•40 views

CVE-2021-34726

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain CLI...

7.2CVSS6.6AI score0.00146EPSS