Vulnerabilities > Cisco > Catalyst SD WAN Manager > 20.9.3.0.4

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-20475 Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
5.4
2023-08-03 CVE-2023-20214 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature.
network
low complexity
cisco CWE-287
critical
9.1