Vulnerabilities > Cisco > SD WAN > 16.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-06 | CVE-2020-27128 | Path Traversal vulnerability in Cisco Sd-Wan A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. | 6.5 |
| 2020-10-08 | CVE-2020-3536 | Cross-site Scripting vulnerability in Cisco Sd-Wan A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 5.4 |
| 2020-07-31 | CVE-2020-3375 | Improper Input Validation vulnerability in Cisco IOS XE Sd-Wan and Sd-Wan A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. | 9.8 |
| 2020-07-31 | CVE-2020-3374 | Incorrect Authorization vulnerability in Cisco Sd-Wan A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. | 9.9 |
| 2019-06-20 | CVE-2019-1624 | Command Injection vulnerability in Cisco Sd-Wan A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 8.8 |
| 2019-01-24 | CVE-2019-1650 | OS Command Injection vulnerability in Cisco products A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. | 8.8 |
| 2019-01-24 | CVE-2019-1648 | Improper Input Validation vulnerability in Cisco products A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. | 7.8 |
| 2019-01-24 | CVE-2019-1647 | Improper Access Control vulnerability in Cisco Sd-Wan and Vsmart Controller A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. | 8.0 |
| 2019-01-24 | CVE-2019-1646 | Command Injection vulnerability in Cisco products A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. | 7.8 |