Vulnerabilities > Cisco > Catalyst SD WAN Manager > 20.9.3.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-25 | CVE-2024-20475 | Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 5.4 |
2023-08-03 | CVE-2023-20214 | Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. | 9.1 |