Vulnerabilities > Cisco > Catalyst SD WAN Manager > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-20252 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager 20.11.1.2/20.9.3.2
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs.
network
low complexity
cisco CWE-287
critical
9.8
2023-08-03 CVE-2023-20214 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature.
network
low complexity
cisco CWE-287
critical
9.1
2021-05-06 CVE-2021-1468 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.
network
low complexity
cisco CWE-287
critical
9.8
2021-04-08 CVE-2021-1479 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
network
low complexity
cisco CWE-119
critical
9.8
2021-01-20 CVE-2021-1300 Unspecified vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device.
network
low complexity
cisco
critical
9.8
2021-01-20 CVE-2021-1301 Improper Input Validation vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device.
network
low complexity
cisco CWE-20
critical
9.8