Vulnerabilities > Cisco > Vedge 2000 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-01-24 CVE-2019-1646 Command Injection vulnerability in Cisco products
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files.
local
low complexity
cisco CWE-77
7.8
2018-10-05 CVE-2018-0434 Improper Certificate Validation vulnerability in Cisco products
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate.
network
high complexity
cisco CWE-295
7.4
2018-10-05 CVE-2018-0433 OS Command Injection vulnerability in Cisco products
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-78
7.8
2018-10-05 CVE-2018-0432 OS Command Injection vulnerability in Cisco products
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device.
network
low complexity
cisco CWE-78
8.8
2018-07-18 CVE-2018-0351 Command Injection vulnerability in Cisco products
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-77
7.8
2018-07-18 CVE-2018-0350 Command Injection vulnerability in Cisco products
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-77
8.8
2018-07-18 CVE-2018-0349 OS Command Injection vulnerability in Cisco products
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device.
network
low complexity
cisco CWE-78
critical
9.8
2018-07-18 CVE-2018-0348 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges.
network
low complexity
cisco CWE-78
7.2
2018-07-18 CVE-2018-0347 Command Injection vulnerability in Cisco products
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.
local
low complexity
cisco CWE-77
7.8
2018-07-18 CVE-2018-0346 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-119
7.5