Vulnerabilities > Cisco > SD WAN > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-06 | CVE-2020-3593 | Improper Privilege Management vulnerability in Cisco Sd-Wan A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. | 7.8 |
| 2020-07-16 | CVE-2020-3180 | Insufficiently Protected Credentials vulnerability in Cisco Sd-Wan A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. | 7.8 |
| 2019-06-20 | CVE-2019-1624 | Command Injection vulnerability in Cisco Sd-Wan A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 8.8 |
| 2019-01-24 | CVE-2019-1650 | OS Command Injection vulnerability in Cisco products A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. | 8.8 |
| 2019-01-24 | CVE-2019-1648 | Improper Input Validation vulnerability in Cisco products A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. | 7.8 |
| 2019-01-24 | CVE-2019-1647 | Improper Access Control vulnerability in Cisco Sd-Wan and Vsmart Controller A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. | 8.0 |
| 2019-01-24 | CVE-2019-1646 | Command Injection vulnerability in Cisco products A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. | 7.8 |