Vulnerabilities > Cisco > SD WAN Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-20 | CVE-2021-1260 | Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. | 7.8 |
| 2020-07-16 | CVE-2020-3405 | XXE vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. | 7.3 |
| 2020-07-16 | CVE-2020-3388 | Improper Authentication vulnerability in Cisco Sd-Wan Firmware A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2020-07-16 | CVE-2020-3387 | Improper Input Validation vulnerability in Cisco Sd-Wan Firmware A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. | 8.8 |
| 2020-07-16 | CVE-2020-3381 | Path Traversal vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. | 8.8 |
| 2020-07-16 | CVE-2020-3379 | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. | 7.8 |
| 2020-07-16 | CVE-2020-3369 | Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2020-07-16 | CVE-2020-3351 | Resource Exhaustion vulnerability in Cisco products A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 8.6 |
| 2020-03-19 | CVE-2020-3266 | OS Command Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
| 2020-03-19 | CVE-2020-3265 | Improper Privilege Management vulnerability in Cisco Sd-Wan Firmware A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. | 7.8 |