Vulnerabilities > Cisco > Catalyst SD WAN Manager > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-1506 Missing Authorization vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.
network
low complexity
cisco CWE-862
7.2
2021-05-06 CVE-2021-1508 Missing Authorization vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.
network
low complexity
cisco CWE-862
8.8
2021-05-06 CVE-2021-1513 Improper Input Validation vulnerability in Cisco products
A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
7.5
2021-05-06 CVE-2021-1514 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system.
local
low complexity
cisco CWE-78
7.8
2021-04-08 CVE-2021-1480 Improper Input Validation vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
local
low complexity
cisco CWE-20
7.8
2021-04-08 CVE-2021-1137 Improper Input Validation vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
local
low complexity
cisco CWE-20
7.8
2021-01-20 CVE-2021-1241 Unspecified vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.
network
low complexity
cisco
7.5
2021-01-20 CVE-2021-1302 Unspecified vulnerability in Cisco Catalyst Sd-Wan Manager
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.
network
low complexity
cisco
8.8
2021-01-20 CVE-2021-1299 Unspecified vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.
network
low complexity
cisco
8.8
2021-01-20 CVE-2021-1298 Command Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.
network
low complexity
cisco CWE-77
8.8