Vulnerabilities > Cisco > SD WAN Firmware > 19.2.1

DATE CVE VULNERABILITY TITLE RISK
2020-07-16 CVE-2020-3369 Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router
A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
7.5
7.5
2020-03-19 CVE-2020-3266 OS Command Injection vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-78
7.8
7.8
2020-03-19 CVE-2020-3265 Improper Privilege Management vulnerability in Cisco Sd-Wan Firmware
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.
local
low complexity
cisco CWE-269
7.8
7.8
2020-03-19 CVE-2020-3264 Classic Buffer Overflow vulnerability in Cisco Sd-Wan Firmware
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device.
local
low complexity
cisco CWE-120
7.1
7.1
2020-03-19 CVE-2019-16012 SQL Injection vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
8.1
8.1
2020-03-19 CVE-2019-16010 Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software.
network
low complexity
cisco CWE-79
4.8
4.8