Vulnerabilities > Cisco > SD WAN Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-19 | CVE-2020-3265 | Improper Privilege Management vulnerability in Cisco Sd-Wan Firmware A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. | 7.8 |
| 2020-03-19 | CVE-2020-3264 | Classic Buffer Overflow vulnerability in Cisco Sd-Wan Firmware A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. | 7.1 |
| 2020-03-19 | CVE-2019-16012 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 8.1 |
| 2020-03-19 | CVE-2019-16010 | Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. | 4.8 |
| 2020-01-26 | CVE-2020-3115 | Improper Privilege Management vulnerability in Cisco Sd-Wan Firmware 18.4.1/19.1.0 A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. | 8.8 |
| 2020-01-26 | CVE-2019-12629 | OS Command Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. | 7.2 |
| 2020-01-26 | CVE-2019-12619 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 6.5 |
| 2019-11-26 | CVE-2019-16002 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan Firmware A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
| 2019-08-08 | CVE-2019-1951 | Unspecified vulnerability in Cisco Sd-Wan Firmware A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. | 5.8 |
| 2019-06-20 | CVE-2019-1626 | Incorrect Authorization vulnerability in Cisco Sd-Wan Firmware A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. | 8.8 |