Lucene search
K
CiscoVsmart Controller

19 matches found

CVE
CVE
added 2021/06/04 4:45 p.m.85 views

CVE-2021-1528

CVE-2021-1528 affects Cisco SD-WAN Software. The vulnerability is in the CLI where access to privileged processes is not properly restricted, allowing an authenticated, local attacker to escalate privileges and potentially execute actions with root-level privileges. Impact is elevated privileges ...

7.8CVSS7.6AI score0.00248EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.65 views

CVE-2018-0344

The CVE-2018-0344 entry describes a vulnerability in the Cisco SD-WAN Solution where the vManage dashboard’s login parameter validation is insufficient, enabling an authenticated, remote attacker to inject and execute arbitrary commands with vManage user privileges by configuring a malicious user...

7.2CVSS7.3AI score0.02048EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.62 views

CVE-2020-3379

Cisco SD-WAN Solution Software has a privilege-escalation vulnerability due to insufficient input validation. An authenticated, local attacker can exploit a crafted request to gain administrative privileges on the underlying OS. Affected component is the Cisco SD-WAN Solution Software; impact is ...

7.8CVSS6.2AI score0.00336EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.61 views

CVE-2018-0343

The CVE-2018-0343 issue affects Cisco SD-WAN Solution components running before Release 18.3.0, including vBond Orchestrator, vEdge routers, vManage, and vSmart. Root cause: insufficient access restrictions on the HTTP management interface of the Configuration and Management Service, allowing an ...

8.8CVSS8.8AI score0.01964EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.58 views

CVE-2018-0345

The CVE-2018-0345 issue exists in Cisco SD-WAN’s configuration and management database, caused by insufficient validation of command arguments. An authenticated, remote attacker could run arbitrary commands with the privileges of the vmanage user, affecting vBond Orchestrator, vManage Network Man...

9CVSS8.9AI score0.03EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.58 views

CVE-2018-0349

Cisco SD-WAN Solution contains a vulnerability (CVE-2018-0349) where an authenticated, remote attacker could overwrite arbitrary files on the device by abusing improper input validation of the request admin-tech command in the CLI. A successful exploit could escalate privileges to root. Affected ...

10CVSS9.5AI score0.03046EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.56 views

CVE-2018-0342

The CVE-2018-0342 issue affects Cisco SD-WAN Solution components (vBond Orchestrator, vEdge routers, vManage, vSmart, etc.) prior to Release 18.3.0, caused by incomplete bounds checks in the Configuration and Monitoring Service. Exploitation involves sending malicious data to the vDaemon listenin...

7.2CVSS7.3AI score0.00452EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.55 views

CVE-2018-0350

Cisco SD-WAN Solution VPN subsystem command injection (CVE-2018-0350) is caused by insufficient input validation in the VPN configuration parameters. An authenticated, remote attacker could submit crafted input after authenticating to the device and execute commands with root privileges. Affected...

9CVSS8.6AI score0.03054EPSS
CVE
CVE
added 2020/07/16 5:21 p.m.55 views

CVE-2020-3351

CVE-2020-3351 is a denial-of-service vulnerability in Cisco SD-WAN Solution Software caused by improper validation of fields in Cisco SD-WAN peering messages encapsulated in UDP packets. An unauthenticated, remote attacker can send crafted UDP messages to trigger a DoS affecting the targeted devi...

8.6CVSS8.5AI score0.01374EPSS
CVE
CVE
added 2019/01/24 3:0 p.m.53 views

CVE-2019-1646

CVE-2019-1646 describes a privilege-escalation vulnerability in the local CLI of the Cisco SD-WAN Solution. An authenticated, local attacker can exploit insufficient input sanitization on certain CLI commands to establish an interactive session with elevated privileges and then modify device conf...

7.8CVSS7.8AI score0.00446EPSS
CVE
CVE
added 2019/01/24 3:0 p.m.52 views

CVE-2019-1650

Summary: CVE-2019-1650 affects Cisco SD-WAN Solution. The issue stems from improper input validation of the CLI save command, enabling an authenticated, remote attacker to overwrite arbitrary files on the device’s underlying OS and escalate privileges to root. Exploitation involves modifying the ...

9CVSS9AI score0.03475EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.50 views

CVE-2018-0348

Cisco SD-WAN Solution CVE-2018-0348 is a command-injection vulnerability in the CLI due to insufficient input validation. It affects vBond Orchestrator Software, vEdge 100/1000/2000/5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, and vSmart Controller Softwa...

9CVSS7.2AI score0.02895EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.50 views

CVE-2018-0351

Cisco SD-WAN Solution contains a local command injection vulnerability in the command-line tcpdump utility. The issue arises from insufficient input validation, enabling an authenticated, local attacker to submit crafted input to tcpdump and execute commands with root privileges. Affected product...

7.8CVSS7.5AI score0.00471EPSS
CVE
CVE
added 2019/01/24 3:0 p.m.50 views

CVE-2019-1648

CVE-2019-1648 affects Cisco SD-WAN Solution. A vulnerability in the user group configuration allows an authenticated, local attacker to write a crafted file to the directory containing the group config, bypassing validation and gaining root-level privileges. Impact is full device takeover. Sympto...

7.8CVSS7.7AI score0.00372EPSS
CVE
CVE
added 2019/01/24 3:0 p.m.49 views

CVE-2019-1647

Cisco SD-WAN Solution contains an authentication bypass vulnerability in the vContainer/vSmart container architecture due to insecure default configuration. An authenticated adjacent attacker could directly connect to exposed services and access or modify critical system files across vSmart conta...

8CVSS8AI score0.00808EPSS
CVE
CVE
added 2019/01/24 3:0 p.m.49 views

CVE-2019-1651

CVE-2019-1651 affects Cisco SD-WAN Solution, specifically the vContainer component. The flaw is a buffer overflow caused by improper bounds checking in vContainer, which an authenticated, remote attacker could exploit by sending a malicious file to an affected vContainer instance. Successful expl...

9.9CVSS9.5AI score0.04853EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.48 views

CVE-2018-0347

CVE-2018-0347 concerns Cisco SD-WAN Solution ZTP: an authenticated, local attacker can inject commands with root privileges due to insufficient input validation. Affected are vEdge 100/1000/2000/5000 Series routers running releases prior to 18.3.0. Cisco’s advisory and associated CVE record confi...

7.8CVSS7.6AI score0.00475EPSS
CVE
CVE
added 2018/10/05 2:0 p.m.47 views

CVE-2018-0433

CVE-2018-0433 describes a local, authenticated command-injection vulnerability in the Cisco SD-WAN Solution CLI caused by insufficient input validation. Affected: Cisco SD-WAN Solution (CLI) on eligible devices; an attacker who can authenticate to the CLI can craft input that leads to arbitrary c...

7.8CVSS7.7AI score0.0045EPSS
CVE
CVE
added 2018/07/18 11:0 p.m.46 views

CVE-2018-0346

Cisco SD-WAN Solution Zero Touch Provisioning contains a DoS vulnerability (CVE-2018-0346) in the Zero Touch Provisioning service on vBond Orchestrator, vManage, and vSmart software prior to release 18.3.0. The issue stems from improper bounds checks on values in packets sent to the service, whic...

7.8CVSS7.8AI score0.02012EPSS