Vulnerabilities > Cisco > SD WAN Firmware > 18.2.0

DATE CVE VULNERABILITY TITLE RISK
2020-07-16 CVE-2020-3388 Improper Authentication vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-287
7.8
7.8
2020-07-16 CVE-2020-3387 Improper Input Validation vulnerability in Cisco Sd-Wan Firmware
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system.
network
low complexity
cisco CWE-20
8.8
8.8
2020-07-16 CVE-2020-3381 Path Traversal vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system.
network
low complexity
cisco CWE-22
8.8
8.8
2020-07-16 CVE-2020-3379 Improper Input Validation vulnerability in Cisco products
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system.
local
low complexity
cisco CWE-20
7.2
7.2
2020-07-16 CVE-2020-3378 SQL Injection vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries.
network
low complexity
cisco CWE-89
4.3
4.3
2020-07-16 CVE-2020-3372 Resource Exhaustion vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system.
network
low complexity
cisco CWE-400
6.5
6.5
2020-03-19 CVE-2020-3266 OS Command Injection vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-78
7.8
7.8
2020-03-19 CVE-2020-3265 Improper Privilege Management vulnerability in Cisco Sd-Wan Firmware
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.
local
low complexity
cisco CWE-269
7.8
7.8
2020-03-19 CVE-2020-3264 Classic Buffer Overflow vulnerability in Cisco Sd-Wan Firmware
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device.
local
low complexity
cisco CWE-120
7.1
7.1
2020-03-19 CVE-2019-16012 SQL Injection vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
8.1
8.1