Vulnerabilities > Cisco > SD WAN

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-20034 Unspecified vulnerability in Cisco Sd-Wan
Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the presence of a static username and password configured on the vManage.
network
low complexity
cisco
7.5
2023-03-23 CVE-2023-20113 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
8.1
2022-09-30 CVE-2022-20775 Path Traversal vulnerability in Cisco products
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.
local
low complexity
cisco CWE-22
7.8
2022-09-30 CVE-2022-20818 Path Traversal vulnerability in Cisco products
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.
local
low complexity
cisco CWE-22
7.8
2022-09-30 CVE-2022-20844 Use of Hard-coded Credentials vulnerability in Cisco Sd-Wan
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination.
network
low complexity
cisco CWE-798
5.3
2022-09-30 CVE-2022-20850 Improper Input Validation vulnerability in Cisco products
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device.
local
low complexity
cisco CWE-20
7.1
2022-09-30 CVE-2022-20930 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system.
local
low complexity
cisco CWE-78
6.7
2022-04-15 CVE-2022-20716 Unspecified vulnerability in Cisco products
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges.
local
low complexity
cisco
7.8
2021-09-23 CVE-2021-1589 Insufficiently Protected Credentials vulnerability in Cisco Sd-Wan
A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials.
network
low complexity
cisco CWE-522
6.5
2021-09-23 CVE-2021-1612 Link Following vulnerability in Cisco Sd-Wan
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system.
local
low complexity
cisco CWE-59
7.1