Vulnerabilities > Cisco > SD WAN Firmware > 18.4.302
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-16 | CVE-2020-3372 | Resource Exhaustion vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. | 6.5 |
| 2020-03-19 | CVE-2020-3266 | OS Command Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2020-03-19 | CVE-2019-16012 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 8.1 |
| 2020-03-19 | CVE-2019-16010 | Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. | 4.8 |
| 2019-11-26 | CVE-2019-16002 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan Firmware A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
| 2019-08-08 | CVE-2019-1951 | Unspecified vulnerability in Cisco Sd-Wan Firmware A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. | 5.8 |