Vulnerabilities > Cisco > Vedge 5000
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-26 | CVE-2019-12629 | Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. | 9.0 |
| 2020-01-26 | CVE-2019-12619 | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 4.0 |
| 2019-06-20 | CVE-2019-1626 | Permissions, Privileges, and Access Controls vulnerability in Cisco Sd-Wan Firmware A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. | 6.5 |
| 2019-01-24 | CVE-2019-1650 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. | 9.0 |
| 2019-01-24 | CVE-2019-1648 | Permissions, Privileges, and Access Controls vulnerability in Cisco products A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. | 7.2 |
| 2019-01-24 | CVE-2019-1646 | Permissions, Privileges, and Access Controls vulnerability in Cisco products A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. | 7.2 |
| 2018-10-05 | CVE-2018-0434 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. | 5.8 |
| 2018-10-05 | CVE-2018-0433 | OS Command Injection vulnerability in Cisco products A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |
| 2018-10-05 | CVE-2018-0432 | OS Command Injection vulnerability in Cisco products A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. | 9.0 |
| 2018-07-18 | CVE-2018-0351 | Command Injection vulnerability in Cisco products A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.2 |