Lucene search
K
CiscoVbond Orchestrator

15 matches found

CVE
CVE
added 2018/07/18 11:0 p.m.65 views

CVE-2018-0344

The CVE-2018-0344 entry describes a vulnerability in the Cisco SD-WAN Solution where the vManage dashboard’s login parameter validation is insufficient, enabling an authenticated, remote attacker to inject and execute arbitrary commands with vManage user privileges by configuring a malicious user...

7.2CVSS7.3AI score0.02048EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.62 views

CVE-2020-3379

Cisco SD-WAN Solution Software has a privilege-escalation vulnerability due to insufficient input validation. An authenticated, local attacker can exploit a crafted request to gain administrative privileges on the underlying OS. Affected component is the Cisco SD-WAN Solution Software; impact is ...

7.8CVSS6.2AI score0.00336EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.61 views

CVE-2018-0343

The CVE-2018-0343 issue affects Cisco SD-WAN Solution components running before Release 18.3.0, including vBond Orchestrator, vEdge routers, vManage, and vSmart. Root cause: insufficient access restrictions on the HTTP management interface of the Configuration and Management Service, allowing an ...

8.8CVSS8.8AI score0.01964EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.58 views

CVE-2018-0345

The CVE-2018-0345 issue exists in Cisco SD-WAN’s configuration and management database, caused by insufficient validation of command arguments. An authenticated, remote attacker could run arbitrary commands with the privileges of the vmanage user, affecting vBond Orchestrator, vManage Network Man...

9CVSS8.9AI score0.03EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.58 views

CVE-2018-0349

Cisco SD-WAN Solution contains a vulnerability (CVE-2018-0349) where an authenticated, remote attacker could overwrite arbitrary files on the device by abusing improper input validation of the request admin-tech command in the CLI. A successful exploit could escalate privileges to root. Affected ...

10CVSS9.5AI score0.03046EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.56 views

CVE-2018-0342

The CVE-2018-0342 issue affects Cisco SD-WAN Solution components (vBond Orchestrator, vEdge routers, vManage, vSmart, etc.) prior to Release 18.3.0, caused by incomplete bounds checks in the Configuration and Monitoring Service. Exploitation involves sending malicious data to the vDaemon listenin...

7.2CVSS7.3AI score0.00452EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.55 views

CVE-2018-0350

Cisco SD-WAN Solution VPN subsystem command injection (CVE-2018-0350) is caused by insufficient input validation in the VPN configuration parameters. An authenticated, remote attacker could submit crafted input after authenticating to the device and execute commands with root privileges. Affected...

9CVSS8.6AI score0.03054EPSS
CVE
CVE
added 2019/01/24 3:0 p.m.53 views

CVE-2019-1646

CVE-2019-1646 describes a privilege-escalation vulnerability in the local CLI of the Cisco SD-WAN Solution. An authenticated, local attacker can exploit insufficient input sanitization on certain CLI commands to establish an interactive session with elevated privileges and then modify device conf...

7.8CVSS7.8AI score0.00446EPSS
CVE
CVE
added 2019/01/24 3:0 p.m.52 views

CVE-2019-1650

Summary: CVE-2019-1650 affects Cisco SD-WAN Solution. The issue stems from improper input validation of the CLI save command, enabling an authenticated, remote attacker to overwrite arbitrary files on the device’s underlying OS and escalate privileges to root. Exploitation involves modifying the ...

9CVSS9AI score0.03475EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.50 views

CVE-2018-0348

Cisco SD-WAN Solution CVE-2018-0348 is a command-injection vulnerability in the CLI due to insufficient input validation. It affects vBond Orchestrator Software, vEdge 100/1000/2000/5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, and vSmart Controller Softwa...

9CVSS7.2AI score0.02895EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.50 views

CVE-2018-0351

Cisco SD-WAN Solution contains a local command injection vulnerability in the command-line tcpdump utility. The issue arises from insufficient input validation, enabling an authenticated, local attacker to submit crafted input to tcpdump and execute commands with root privileges. Affected product...

7.8CVSS7.5AI score0.00471EPSS
CVE
CVE
added 2019/01/24 3:0 p.m.50 views

CVE-2019-1648

CVE-2019-1648 affects Cisco SD-WAN Solution. A vulnerability in the user group configuration allows an authenticated, local attacker to write a crafted file to the directory containing the group config, bypassing validation and gaining root-level privileges. Impact is full device takeover. Sympto...

7.8CVSS7.7AI score0.00372EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.48 views

CVE-2018-0347

CVE-2018-0347 concerns Cisco SD-WAN Solution ZTP: an authenticated, local attacker can inject commands with root privileges due to insufficient input validation. Affected are vEdge 100/1000/2000/5000 Series routers running releases prior to 18.3.0. Cisco’s advisory and associated CVE record confi...

7.8CVSS7.6AI score0.00475EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.47 views

CVE-2018-0433

CVE-2018-0433 describes a local, authenticated command-injection vulnerability in the Cisco SD-WAN Solution CLI caused by insufficient input validation. Affected: Cisco SD-WAN Solution (CLI) on eligible devices; an attacker who can authenticate to the CLI can craft input that leads to arbitrary c...

7.8CVSS7.7AI score0.0045EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.46 views

CVE-2018-0346

Cisco SD-WAN Solution Zero Touch Provisioning contains a DoS vulnerability (CVE-2018-0346) in the Zero Touch Provisioning service on vBond Orchestrator, vManage, and vSmart software prior to release 18.3.0. The issue stems from improper bounds checks on values in packets sent to the service, whic...

7.8CVSS7.8AI score0.02012EPSS