Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-0351 Command Injection vulnerability in Cisco products
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-77
7.8
2018-07-18 CVE-2018-0350 Command Injection vulnerability in Cisco products
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-77
8.8
2018-07-18 CVE-2018-0349 OS Command Injection vulnerability in Cisco products
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device.
network
low complexity
cisco CWE-78
critical
9.8
2018-07-18 CVE-2018-0348 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-78
7.2
2018-07-18 CVE-2018-0347 Command Injection vulnerability in Cisco products
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-77
7.8
2018-07-18 CVE-2018-0346 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-119
7.5
2018-07-18 CVE-2018-0345 Argument Injection or Modification vulnerability in Cisco products
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software.
network
low complexity
cisco CWE-88
8.8
2018-07-18 CVE-2018-0344 Command Injection vulnerability in Cisco products
A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.
network
low complexity
cisco CWE-77
7.2
2018-07-18 CVE-2018-0343 Improper Privilege Management vulnerability in Cisco products
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system.
network
low complexity
cisco CWE-269
8.8
2018-07-18 CVE-2018-0342 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device.
local
low complexity
cisco CWE-119
6.7