19 matches found
CVE-2021-1528
CVE-2021-1528 affects Cisco SD-WAN Software. The vulnerability is in the CLI where access to privileged processes is not properly restricted, allowing an authenticated, local attacker to escalate privileges and potentially execute actions with root-level privileges. Impact is elevated privileges ...
CVE-2018-0344
The CVE-2018-0344 entry describes a vulnerability in the Cisco SD-WAN Solution where the vManage dashboard’s login parameter validation is insufficient, enabling an authenticated, remote attacker to inject and execute arbitrary commands with vManage user privileges by configuring a malicious user...
CVE-2020-3379
Cisco SD-WAN Solution Software has a privilege-escalation vulnerability due to insufficient input validation. An authenticated, local attacker can exploit a crafted request to gain administrative privileges on the underlying OS. Affected component is the Cisco SD-WAN Solution Software; impact is ...
CVE-2018-0343
The CVE-2018-0343 issue affects Cisco SD-WAN Solution components running before Release 18.3.0, including vBond Orchestrator, vEdge routers, vManage, and vSmart. Root cause: insufficient access restrictions on the HTTP management interface of the Configuration and Management Service, allowing an ...
CVE-2018-0345
The CVE-2018-0345 issue exists in Cisco SD-WAN’s configuration and management database, caused by insufficient validation of command arguments. An authenticated, remote attacker could run arbitrary commands with the privileges of the vmanage user, affecting vBond Orchestrator, vManage Network Man...
CVE-2018-0349
Cisco SD-WAN Solution contains a vulnerability (CVE-2018-0349) where an authenticated, remote attacker could overwrite arbitrary files on the device by abusing improper input validation of the request admin-tech command in the CLI. A successful exploit could escalate privileges to root. Affected ...
CVE-2018-0342
The CVE-2018-0342 issue affects Cisco SD-WAN Solution components (vBond Orchestrator, vEdge routers, vManage, vSmart, etc.) prior to Release 18.3.0, caused by incomplete bounds checks in the Configuration and Monitoring Service. Exploitation involves sending malicious data to the vDaemon listenin...
CVE-2018-0350
Cisco SD-WAN Solution VPN subsystem command injection (CVE-2018-0350) is caused by insufficient input validation in the VPN configuration parameters. An authenticated, remote attacker could submit crafted input after authenticating to the device and execute commands with root privileges. Affected...
CVE-2020-3351
CVE-2020-3351 is a denial-of-service vulnerability in Cisco SD-WAN Solution Software caused by improper validation of fields in Cisco SD-WAN peering messages encapsulated in UDP packets. An unauthenticated, remote attacker can send crafted UDP messages to trigger a DoS affecting the targeted devi...
CVE-2019-1646
CVE-2019-1646 describes a privilege-escalation vulnerability in the local CLI of the Cisco SD-WAN Solution. An authenticated, local attacker can exploit insufficient input sanitization on certain CLI commands to establish an interactive session with elevated privileges and then modify device conf...
CVE-2019-1650
Summary: CVE-2019-1650 affects Cisco SD-WAN Solution. The issue stems from improper input validation of the CLI save command, enabling an authenticated, remote attacker to overwrite arbitrary files on the device’s underlying OS and escalate privileges to root. Exploitation involves modifying the ...
CVE-2018-0348
Cisco SD-WAN Solution CVE-2018-0348 is a command-injection vulnerability in the CLI due to insufficient input validation. It affects vBond Orchestrator Software, vEdge 100/1000/2000/5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, and vSmart Controller Softwa...
CVE-2018-0351
Cisco SD-WAN Solution contains a local command injection vulnerability in the command-line tcpdump utility. The issue arises from insufficient input validation, enabling an authenticated, local attacker to submit crafted input to tcpdump and execute commands with root privileges. Affected product...
CVE-2019-1648
CVE-2019-1648 affects Cisco SD-WAN Solution. A vulnerability in the user group configuration allows an authenticated, local attacker to write a crafted file to the directory containing the group config, bypassing validation and gaining root-level privileges. Impact is full device takeover. Sympto...
CVE-2019-1647
Cisco SD-WAN Solution contains an authentication bypass vulnerability in the vContainer/vSmart container architecture due to insecure default configuration. An authenticated adjacent attacker could directly connect to exposed services and access or modify critical system files across vSmart conta...
CVE-2019-1651
CVE-2019-1651 affects Cisco SD-WAN Solution, specifically the vContainer component. The flaw is a buffer overflow caused by improper bounds checking in vContainer, which an authenticated, remote attacker could exploit by sending a malicious file to an affected vContainer instance. Successful expl...
CVE-2018-0347
CVE-2018-0347 concerns Cisco SD-WAN Solution ZTP: an authenticated, local attacker can inject commands with root privileges due to insufficient input validation. Affected are vEdge 100/1000/2000/5000 Series routers running releases prior to 18.3.0. Cisco’s advisory and associated CVE record confi...
CVE-2018-0433
CVE-2018-0433 describes a local, authenticated command-injection vulnerability in the Cisco SD-WAN Solution CLI caused by insufficient input validation. Affected: Cisco SD-WAN Solution (CLI) on eligible devices; an attacker who can authenticate to the CLI can craft input that leads to arbitrary c...
CVE-2018-0346
Cisco SD-WAN Solution Zero Touch Provisioning contains a DoS vulnerability (CVE-2018-0346) in the Zero Touch Provisioning service on vBond Orchestrator, vManage, and vSmart software prior to release 18.3.0. The issue stems from improper bounds checks on values in packets sent to the service, whic...