Vulnerabilities > Cisco > SD WAN Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-20 CVE-2021-1233 Unspecified vulnerability in Cisco products
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device.
local
low complexity
cisco
4.4
2021-01-20 CVE-2021-1305 Incorrect Authorization vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.
network
low complexity
cisco CWE-863
4.3
2020-07-16 CVE-2020-3468 SQL Injection vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco CWE-89
5.4
2020-07-16 CVE-2020-3437 Unspecified vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device.
network
low complexity
cisco
6.5
2020-07-16 CVE-2020-3406 Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
5.4
2020-07-16 CVE-2020-3401 Path Traversal vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.
network
low complexity
cisco CWE-22
6.5
2020-07-16 CVE-2020-3385 Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router
A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system.
low complexity
cisco
6.5
2020-07-16 CVE-2020-3378 SQL Injection vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries.
network
low complexity
cisco CWE-89
4.3
2020-07-16 CVE-2020-3372 Resource Exhaustion vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system.
network
low complexity
cisco CWE-400
6.5
2020-03-19 CVE-2019-16010 Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware
A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software.
network
low complexity
cisco CWE-79
4.8