Product: Sd-Wan (Cisco)
Repositories

Unknown: This might be proprietary software.

#Vulnerabilities 27
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-30 | CVE-2022-20850 | A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the... | Ios_xe_sd-Wan, Sd-Wan, Sd-Wan_vbond_orchestrator, Sd-Wan_vmanage, Sd-Wan_vsmart_controller | 7.1 | | |
| 2022-09-30 | CVE-2022-20930 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. | Catalyst_sd-Wan_manager, Sd-Wan, Sd-Wan_vbond_orchestrator, Sd-Wan_vmanage, Sd-Wan_vsmart_controller | 6.7 | | |
| 2023-03-23 | CVE-2023-20113 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to... | Sd-Wan | 8.1 | | |
| 2023-09-27 | CVE-2023-20034 | A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful... | Sd-Wan | 7.5 | | |
| 2018-10-05 | CVE-2018-15387 | A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image. | Sd-Wan | N/A | | |
| 2019-01-24 | CVE-2019-1650 | A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying... | Sd-Wan, Vbond_orchestrator, Vedge_1000_firmware, Vedge_100_firmware, Vedge_2000_firmware, Vedge_5000_firmware, Vmanage_network_management, Vsmart_controller | 8.8 | | |
| 2019-01-24 | CVE-2019-1648 | A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow... | Sd-Wan, Vbond_orchestrator, Vedge_1000_firmware, Vedge_100_firmware, Vedge_2000_firmware, Vedge_5000_firmware, Vmanage_network_management, Vsmart_controller | 7.8 | | |
| 2019-01-24 | CVE-2019-1647 | A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. | Sd-Wan, Vsmart_controller | 8.0 | | |
| 2019-01-24 | CVE-2019-1646 | A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The... | Sd-Wan, Vbond_orchestrator, Vedge_1000_firmware, Vedge_100_firmware, Vedge_2000_firmware, Vedge_5000_firmware, Vmanage_network_management, Vsmart_controller | 7.8 | | |
| 2019-06-20 | CVE-2019-1624 | A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the vManage Web UI. A successful exploit could allow the attacker to execute commands with root privileges. | Sd-Wan | 8.8 | | |