VYPR

SD-WAN vManage

by Cisco Systems, Inc.

CVEs (67)

  • CVE-2020-3374CriJul 31, 2020
    risk 0.65cvss 9.9epss 0.02

    A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the…

  • CVE-2023-20252CriSep 27, 2023
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper…

  • CVE-2021-1508CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the…

  • CVE-2021-1506CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the…

  • CVE-2021-1505CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the…

  • CVE-2021-1468CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the…

  • CVE-2021-1275CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the…

  • CVE-2020-3375CriJul 31, 2020
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic…

  • CVE-2023-20214CriAug 3, 2023
    risk 0.59cvss 9.1epss 0.01

    A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. …

  • CVE-2021-1225CriJan 20, 2021
    risk 0.59cvss 9.1epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface…

  • CVE-2020-3387HigJul 16, 2020
    risk 0.58cvss 8.8epss 0.14

    A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit…

  • CVE-2021-1284HigMay 6, 2021
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the…

  • CVE-2021-1305HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.01

    Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information…

  • CVE-2021-1304HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information…

  • CVE-2021-1302HigJan 20, 2021
    risk 0.57cvss 8.8epss 0.02

    Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information…

  • CVE-2020-3381HigJul 16, 2020
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of…

  • CVE-2020-26064HigAug 4, 2023
    risk 0.53cvss 8.1epss 0.01

    A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries…

  • CVE-2025-20122HigMay 7, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An…

  • CVE-2020-3388HigJul 16, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability…

  • CVE-2020-3180HigJul 16, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a…

Page 1 of 4