Product:

Catalyst_sd\-Wan_manager

(Cisco)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 56
Date Id Summary Products Score Patch Annotated
2020-11-06 CVE-2020-3579 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script... Catalyst_sd\-Wan_manager, Sd\-Wan_vmanage 6.1
2020-11-06 CVE-2020-3587 A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the... Catalyst_sd\-Wan_manager, Sd\-Wan_vmanage 6.4
2020-11-06 CVE-2020-3590 A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the... Catalyst_sd\-Wan_manager, Sd\-Wan_vmanage 6.4
2020-11-06 CVE-2020-3591 A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary... Catalyst_sd\-Wan_manager, Sd\-Wan_vmanage 4.3
2020-11-06 CVE-2020-3592 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain... Catalyst_sd\-Wan_manager, Sd\-Wan_vmanage 6.5
2021-01-20 CVE-2021-1260 Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Catalyst_sd\-Wan_manager, Sd\-Wan_firmware, Sd\-Wan_vbond_orchestrator, Sd\-Wan_vsmart_controller_firmware 7.8
2021-01-20 CVE-2021-1261 Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Catalyst_sd\-Wan_manager, Sd\-Wan_firmware, Sd\-Wan_vbond_orchestrator, Sd\-Wan_vsmart_controller_firmware 7.8
2021-01-20 CVE-2021-1262 Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Catalyst_sd\-Wan_manager, Sd\-Wan_firmware, Sd\-Wan_vbond_orchestrator, Sd\-Wan_vsmart_controller_firmware 7.8
2021-01-20 CVE-2021-1263 Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Catalyst_sd\-Wan_manager, Sd\-Wan_firmware, Sd\-Wan_vbond_orchestrator, Sd\-Wan_vsmart_controller_firmware 7.8
2021-01-20 CVE-2021-1273 Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Catalyst_sd\-Wan_manager, Ios_xe_sd\-Wan, Sd\-Wan_firmware, Sd\-Wan_vbond_orchestrator, Sd\-Wan_vsmart_controller_firmware 8.6