Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Sd-wan Vmanage
Total 52 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-1298 1 Cisco 12 Sd-wan Firmware, Sd-wan Vbond Orchestrator, Sd-wan Vmanage and 9 more 2021-01-27 9.0 HIGH 8.8 HIGH
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-1299 1 Cisco 12 Sd-wan Firmware, Sd-wan Vbond Orchestrator, Sd-wan Vmanage and 9 more 2021-01-27 9.0 HIGH 8.8 HIGH
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-1273 1 Cisco 13 Ios Xe Sd-wan, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 10 more 2021-01-27 7.8 HIGH 8.6 HIGH
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-1233 1 Cisco 11 Sd-wan Firmware, Sd-wan Vbond Orchestrator, Sd-wan Vmanage and 8 more 2021-01-27 4.9 MEDIUM 4.4 MEDIUM
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.
CVE-2021-1235 1 Cisco 1 Sd-wan Vmanage 2021-01-27 4.9 MEDIUM 5.5 MEDIUM
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.
CVE-2021-1241 1 Cisco 13 Ios Xe Sd-wan, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 10 more 2021-01-27 7.8 HIGH 7.5 HIGH
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2020-27129 1 Cisco 1 Sd-wan Vmanage 2020-11-24 7.2 HIGH 6.7 MEDIUM
A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges.
CVE-2020-3591 1 Cisco 1 Sd-wan Vmanage 2020-11-20 3.5 LOW 4.3 MEDIUM
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
CVE-2020-3590 1 Cisco 1 Sd-wan Vmanage 2020-11-20 3.5 LOW 6.4 MEDIUM
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
CVE-2020-3587 1 Cisco 1 Sd-wan Vmanage 2020-11-20 3.5 LOW 6.4 MEDIUM
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
CVE-2020-3579 1 Cisco 1 Sd-wan Vmanage 2020-11-20 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
CVE-2020-3592 1 Cisco 1 Sd-wan Vmanage 2020-11-20 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. This could allow the attacker to modify the configuration of an affected system.