Vulnerabilities > Cisco > SD WAN Firmware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-20 | CVE-2021-1233 | Unspecified vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. | 4.4 |
2021-01-20 | CVE-2021-1305 | Incorrect Authorization vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. | 4.3 |
2020-07-16 | CVE-2020-3468 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 5.4 |
2020-07-16 | CVE-2020-3437 | Unspecified vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. | 6.5 |
2020-07-16 | CVE-2020-3406 | Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 5.4 |
2020-07-16 | CVE-2020-3401 | Path Traversal vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. | 6.5 |
2020-07-16 | CVE-2020-3385 | Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. low complexity cisco | 6.5 |
2020-07-16 | CVE-2020-3378 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 4.3 |
2020-07-16 | CVE-2020-3372 | Resource Exhaustion vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. | 6.5 |
2020-03-19 | CVE-2019-16010 | Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. | 4.8 |