Vulnerabilities > Cisco > SD WAN Vmanage > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2023-20214 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature.
network
low complexity
cisco CWE-287
critical
9.1
2021-12-10 CVE-2021-44228 Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. 10.0
2021-05-06 CVE-2021-1468 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.
network
low complexity
cisco CWE-287
critical
9.8
2021-04-08 CVE-2021-1479 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
network
low complexity
cisco CWE-119
critical
9.8
2021-01-20 CVE-2021-1225 Unspecified vulnerability in Cisco Sd-Wan Vmanage
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system.
network
low complexity
cisco
critical
9.1