Vulnerabilities > Cisco > SD WAN > 16.2.13

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2023-20113 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
network
low complexity
cisco CWE-352
8.1
8.1
2022-09-30 CVE-2022-20818 Path Traversal vulnerability in Cisco products
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.
local
low complexity
cisco CWE-22
7.8
7.8
2022-09-30 CVE-2022-20850 Improper Input Validation vulnerability in Cisco products
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device.
local
low complexity
cisco CWE-20
7.1
7.1
2022-09-30 CVE-2022-20930 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system.
local
low complexity
cisco CWE-78
6.7
6.7
2021-09-23 CVE-2021-1612 Link Following vulnerability in Cisco Sd-Wan
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system.
local
low complexity
cisco CWE-59
7.1
7.1
2021-09-23 CVE-2021-34726 OS Command Injection vulnerability in Cisco Sd-Wan
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device.
local
low complexity
cisco CWE-78
6.7
6.7
2020-11-06 CVE-2020-3600 Incorrect Authorization vulnerability in Cisco Sd-Wan
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.
local
low complexity
cisco CWE-863
7.8
7.8
2020-11-06 CVE-2020-3595 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Sd-Wan
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system.
local
low complexity
cisco CWE-732
7.8
7.8
2020-11-06 CVE-2020-3594 Improper Privilege Management vulnerability in Cisco Sd-Wan
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.
local
low complexity
cisco CWE-269
7.8
7.8
2020-11-06 CVE-2020-3593 Improper Privilege Management vulnerability in Cisco Sd-Wan
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system.
local
low complexity
cisco CWE-269
7.8
7.8