Vulnerabilities > Cisco > SD WAN Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-16 | CVE-2020-3388 | Improper Authentication vulnerability in Cisco Sd-Wan Firmware A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2020-07-16 | CVE-2020-3387 | Improper Input Validation vulnerability in Cisco Sd-Wan Firmware A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. | 8.8 |
| 2020-07-16 | CVE-2020-3385 | Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. low complexity cisco | 6.5 |
| 2020-07-16 | CVE-2020-3381 | Path Traversal vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. | 8.8 |
| 2020-07-16 | CVE-2020-3379 | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. | 7.8 |
| 2020-07-16 | CVE-2020-3378 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 4.3 |
| 2020-07-16 | CVE-2020-3372 | Resource Exhaustion vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. | 6.5 |
| 2020-07-16 | CVE-2020-3369 | Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2020-07-16 | CVE-2020-3351 | Resource Exhaustion vulnerability in Cisco products A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 8.6 |
| 2020-03-19 | CVE-2020-3266 | OS Command Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |