SD-WAN vManage Software
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-3591 | 0.00 | — | 0.00 | Nov 6, 2020 | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management… | |||
| CVE-2020-3590 | 0.00 | — | 0.00 | Nov 6, 2020 | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not… | |||
| CVE-2020-3587 | 0.00 | — | 0.00 | Nov 6, 2020 | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not… | |||
| CVE-2020-3579 | 0.00 | — | 0.00 | Nov 6, 2020 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management… | |||
| CVE-2020-27128 | 0.00 | — | 0.02 | Nov 6, 2020 | A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this… | |||
| CVE-2020-3468 | 0.00 | — | 0.00 | Jul 16, 2020 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates… | |||
| CVE-2020-3437 | 0.00 | — | 0.01 | Jul 16, 2020 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker… | |||
| CVE-2020-3401 | 0.00 | — | 0.00 | Jul 16, 2020 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient… | |||
| CVE-2020-3405 | 0.00 | — | 0.00 | Jul 16, 2020 | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when… | |||
| CVE-2020-3388 | 0.00 | — | 0.00 | Jul 16, 2020 | A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability… | |||
| CVE-2020-3381 | 0.00 | — | 0.01 | Jul 16, 2020 | A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of… | |||
| CVE-2020-3378 | 0.00 | — | 0.00 | Jul 16, 2020 | A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of… |
- CVE-2020-3591Nov 6, 2020risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management…
- CVE-2020-3590Nov 6, 2020risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not…
- CVE-2020-3587Nov 6, 2020risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not…
- CVE-2020-3579Nov 6, 2020risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management…
- CVE-2020-27128Nov 6, 2020risk 0.00cvss —epss 0.02
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this…
- CVE-2020-3468Jul 16, 2020risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates…
- CVE-2020-3437Jul 16, 2020risk 0.00cvss —epss 0.01
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker…
- CVE-2020-3401Jul 16, 2020risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient…
- CVE-2020-3405Jul 16, 2020risk 0.00cvss —epss 0.00
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when…
- CVE-2020-3388Jul 16, 2020risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability…
- CVE-2020-3381Jul 16, 2020risk 0.00cvss —epss 0.01
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of…
- CVE-2020-3378Jul 16, 2020risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of…
Page 2 of 2