SD-WAN vManage Software
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-3387 | 0.03 | — | 0.39 | Jul 16, 2020 | A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit… | |||
| CVE-2020-26065 | 0.00 | — | 0.00 | Aug 4, 2023 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient… | |||
| CVE-2023-20113 | 0.00 | — | 0.00 | Mar 23, 2023 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the… | |||
| CVE-2022-20696 | 0.00 | — | 0.00 | Sep 8, 2022 | A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists… | |||
| CVE-2022-20734 | 0.00 | — | 0.00 | May 4, 2022 | A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit… | |||
| CVE-2022-20739 | 0.00 | — | 0.00 | Apr 15, 2022 | A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to… | |||
| CVE-2021-1589 | 0.00 | — | 0.00 | Sep 23, 2021 | A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker… | |||
| CVE-2021-1614 | 0.00 | — | 0.01 | Jul 22, 2021 | A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of… | |||
| CVE-2021-1535 | 0.00 | — | 0.00 | May 6, 2021 | A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster… | |||
| CVE-2021-1515 | 0.00 | — | 0.00 | May 6, 2021 | A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode.… | |||
| CVE-2021-1284 | 0.00 | — | 0.00 | May 6, 2021 | A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the… | |||
| CVE-2021-1508 | 0.00 | — | 0.01 | May 6, 2021 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the… | |||
| CVE-2021-1505 | 0.00 | — | 0.01 | May 6, 2021 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the… | |||
| CVE-2021-1468 | 0.00 | — | 0.03 | May 6, 2021 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the… | |||
| CVE-2021-1480 | 0.00 | — | 0.05 | Apr 8, 2021 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see… | |||
| CVE-2021-1479 | 0.00 | — | 0.03 | Apr 8, 2021 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see… | |||
| CVE-2021-1225 | 0.00 | — | 0.01 | Jan 20, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface… | |||
| CVE-2021-1235 | 0.00 | — | 0.00 | Jan 20, 2021 | A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing… | |||
| CVE-2021-1304 | 0.00 | — | 0.00 | Jan 20, 2021 | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information… | |||
| CVE-2020-3592 | 0.00 | — | 0.00 | Nov 6, 2020 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an… |
- CVE-2020-3387Jul 16, 2020risk 0.03cvss —epss 0.39
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit…
- CVE-2020-26065Aug 4, 2023risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient…
- CVE-2023-20113Mar 23, 2023risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the…
- CVE-2022-20696Sep 8, 2022risk 0.00cvss —epss 0.00
A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists…
- CVE-2022-20734May 4, 2022risk 0.00cvss —epss 0.00
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit…
- CVE-2022-20739Apr 15, 2022risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to…
- CVE-2021-1589Sep 23, 2021risk 0.00cvss —epss 0.00
A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker…
- CVE-2021-1614Jul 22, 2021risk 0.00cvss —epss 0.01
A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of…
- CVE-2021-1535May 6, 2021risk 0.00cvss —epss 0.00
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster…
- CVE-2021-1515May 6, 2021risk 0.00cvss —epss 0.00
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode.…
- CVE-2021-1284May 6, 2021risk 0.00cvss —epss 0.00
A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the…
- CVE-2021-1508May 6, 2021risk 0.00cvss —epss 0.01
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the…
- CVE-2021-1505May 6, 2021risk 0.00cvss —epss 0.01
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the…
- CVE-2021-1468May 6, 2021risk 0.00cvss —epss 0.03
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the…
- CVE-2021-1480Apr 8, 2021risk 0.00cvss —epss 0.05
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…
- CVE-2021-1479Apr 8, 2021risk 0.00cvss —epss 0.03
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see…
- CVE-2021-1225Jan 20, 2021risk 0.00cvss —epss 0.01
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface…
- CVE-2021-1235Jan 20, 2021risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing…
- CVE-2021-1304Jan 20, 2021risk 0.00cvss —epss 0.00
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information…
- CVE-2020-3592Nov 6, 2020risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an…
Page 1 of 2