Vulnerabilities > Cisco > SD WAN > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-20034 | Unspecified vulnerability in Cisco Sd-Wan Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the presence of a static username and password configured on the vManage. | 7.5 |
| 2023-03-23 | CVE-2023-20113 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Sd-Wan A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 8.1 |
| 2022-09-30 | CVE-2022-20775 | Path Traversal vulnerability in Cisco products Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. | 7.8 |
| 2022-09-30 | CVE-2022-20818 | Path Traversal vulnerability in Cisco products Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. | 7.8 |
| 2022-09-30 | CVE-2022-20850 | Improper Input Validation vulnerability in Cisco products A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. | 7.1 |
| 2022-04-15 | CVE-2022-20716 | Unspecified vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. | 7.8 |
| 2021-09-23 | CVE-2021-1612 | Link Following vulnerability in Cisco Sd-Wan A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. | 7.1 |
| 2020-11-06 | CVE-2020-3600 | Incorrect Authorization vulnerability in Cisco Sd-Wan A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. | 7.8 |
| 2020-11-06 | CVE-2020-3595 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Sd-Wan A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. | 7.8 |
| 2020-11-06 | CVE-2020-3594 | Improper Privilege Management vulnerability in Cisco Sd-Wan A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. | 7.8 |