Vulnerabilities > Cisco > SD WAN Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-20 CVE-2021-1260 Command Injection vulnerability in Cisco products
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.
local
low complexity
cisco CWE-77
7.8
2020-07-16 CVE-2020-3405 XXE vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.
network
low complexity
cisco CWE-611
7.3
2020-07-16 CVE-2020-3388 Improper Authentication vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-287
7.8
2020-07-16 CVE-2020-3387 Unspecified vulnerability in Cisco Sd-Wan Firmware
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system.
network
low complexity
cisco
8.8
2020-07-16 CVE-2020-3381 Path Traversal vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system.
network
low complexity
cisco CWE-22
8.8
2020-07-16 CVE-2020-3379 Improper Input Validation vulnerability in Cisco products
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system.
local
low complexity
cisco CWE-20
7.8
2020-07-16 CVE-2020-3369 Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router
A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco
7.5
2020-07-16 CVE-2020-3351 Resource Exhaustion vulnerability in Cisco products
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-400
8.6
2020-03-19 CVE-2020-3266 OS Command Injection vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-78
7.8
2020-03-19 CVE-2020-3265 Improper Privilege Management vulnerability in Cisco Sd-Wan Firmware
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.
local
low complexity
cisco CWE-269
7.8