Cisco SD-WAN Solution software
CVEs (43)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-20262 | 0.00 | — | 0.00 | Sep 27, 2023 | A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI… | |||
| CVE-2022-20850 | 0.00 | — | 0.00 | Sep 30, 2022 | A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An… | |||
| CVE-2022-20818 | 0.00 | — | 0.01 | Sep 30, 2022 | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these… | |||
| CVE-2022-20716 | 0.00 | — | 0.00 | Apr 15, 2022 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying… | |||
| CVE-2021-1546 | 0.00 | — | 0.00 | Sep 23, 2021 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI… | |||
| CVE-2021-34726 | 0.00 | — | 0.00 | Sep 23, 2021 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input… | |||
| CVE-2021-1614 | 0.00 | — | 0.01 | Jul 22, 2021 | A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of… | |||
| CVE-2021-1528 | 0.00 | — | 0.00 | Jun 4, 2021 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker… | |||
| CVE-2021-1514 | 0.00 | — | 0.00 | May 6, 2021 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain… | |||
| CVE-2021-1513 | 0.00 | — | 0.01 | May 6, 2021 | A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker… | |||
| CVE-2021-1512 | 0.00 | — | 0.00 | May 6, 2021 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a… | |||
| CVE-2021-1480 | 0.00 | — | 0.05 | Apr 8, 2021 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see… | |||
| CVE-2021-1479 | 0.00 | — | 0.03 | Apr 8, 2021 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see… | |||
| CVE-2021-1137 | 0.00 | — | 0.00 | Apr 8, 2021 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see… | |||
| CVE-2021-1241 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||
| CVE-2021-1233 | 0.00 | — | 0.00 | Jan 20, 2021 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could… | |||
| CVE-2021-1260 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these… | |||
| CVE-2021-1261 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these… | |||
| CVE-2021-1262 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these… | |||
| CVE-2021-1263 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these… |
- CVE-2023-20262Sep 27, 2023risk 0.00cvss —epss 0.00
A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI…
- CVE-2022-20850Sep 30, 2022risk 0.00cvss —epss 0.00
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An…
- CVE-2022-20818Sep 30, 2022risk 0.00cvss —epss 0.01
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these…
- CVE-2022-20716Apr 15, 2022risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying…
- CVE-2021-1546Sep 23, 2021risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI…
- CVE-2021-34726Sep 23, 2021risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input…
- CVE-2021-1614Jul 22, 2021risk 0.00cvss —epss 0.01
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of…
- CVE-2021-1528Jun 4, 2021risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker…
- CVE-2021-1514May 6, 2021risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain…
- CVE-2021-1513May 6, 2021risk 0.00cvss —epss 0.01
A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker…
- CVE-2021-1512May 6, 2021risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a…
- CVE-2021-1480Apr 8, 2021risk 0.00cvss —epss 0.05
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…
- CVE-2021-1479Apr 8, 2021risk 0.00cvss —epss 0.03
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…
- CVE-2021-1137Apr 8, 2021risk 0.00cvss —epss 0.00
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…
- CVE-2021-1241Jan 20, 2021risk 0.00cvss —epss 0.01
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
- CVE-2021-1233Jan 20, 2021risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could…
- CVE-2021-1260Jan 20, 2021risk 0.00cvss —epss 0.01
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…
- CVE-2021-1261Jan 20, 2021risk 0.00cvss —epss 0.01
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…
- CVE-2021-1262Jan 20, 2021risk 0.00cvss —epss 0.01
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…
- CVE-2021-1263Jan 20, 2021risk 0.00cvss —epss 0.01
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…
Page 1 of 3