Vulnerabilities > Cisco > SD WAN Vmanage

DATE CVE VULNERABILITY TITLE RISK
2021-04-08 CVE-2021-1479 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
network
low complexity
cisco CWE-119
critical
9.8
2021-04-08 CVE-2021-1137 Improper Input Validation vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
local
low complexity
cisco CWE-20
7.8
2021-01-20 CVE-2021-1235 Unspecified vulnerability in Cisco Sd-Wan Vmanage
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system.
local
low complexity
cisco
5.5
2021-01-20 CVE-2021-1225 Unspecified vulnerability in Cisco Sd-Wan Vmanage
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco
critical
9.1
2021-01-20 CVE-2021-1349 Unspecified vulnerability in Cisco Sd-Wan Vmanage
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system.
network
low complexity
cisco
6.5
2021-01-20 CVE-2021-1259 Unspecified vulnerability in Cisco Sd-Wan Vmanage
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system.
network
low complexity
cisco
6.5
2020-11-06 CVE-2020-3592 Incorrect Authorization vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system.
network
low complexity
cisco CWE-863
6.5
2020-11-06 CVE-2020-3591 Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
network
low complexity
cisco CWE-79
4.3
2020-11-06 CVE-2020-3590 Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
6.4
2020-11-06 CVE-2020-3587 Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user.
network
low complexity
cisco CWE-79
6.4