Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2020-26071 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands.
local
low complexity
CWE-22
8.4
8.4
2024-11-18 CVE-2020-26073 A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs).
network
low complexity
CWE-35
7.5
7.5
2024-11-18 CVE-2020-27124 A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections.
network
low complexity
CWE-457
8.6
8.6
2024-11-18 CVE-2020-3431 A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software.
network
low complexity
CWE-79
6.1
6.1
2024-11-18 CVE-2020-3538 A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement.
network
low complexity
 4.6
4.6
2024-11-18 CVE-2020-3539 A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges.
network
low complexity
CWE-285
6.3
6.3
2024-11-18 CVE-2020-3548 A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient processing of incoming TLS traffic.
network
low complexity
CWE-407
5.3
5.3
2024-11-18 CVE-2021-1132 A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input.
network
low complexity
CWE-35
5.3
5.3
2024-11-18 CVE-2021-1232 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system.
network
low complexity
CWE-522
6.5
6.5
2024-11-18 CVE-2021-1234 A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system.
network
low complexity
CWE-497
5.3
5.3