Vulnerabilities > Silver Peak > Unity Edgeconnect SD WAN Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-09-08 CVE-2019-16105 Path Traversal vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI.
network
low complexity
silver-peak CWE-22
4.0
2019-09-08 CVE-2019-16104 Cross-site Scripting vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.
4.3
2019-09-08 CVE-2019-16103 Unspecified vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.
network
low complexity
silver-peak
critical
9.0
2019-09-08 CVE-2019-16102 Insecure Default Initialization of Resource vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.
network
low complexity
silver-peak CWE-1188
7.5
2019-09-08 CVE-2019-16101 Information Exposure vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI.
network
low complexity
silver-peak CWE-200
5.0
2019-09-08 CVE-2019-16100 Unspecified vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.
network
low complexity
silver-peak
5.0
2019-09-08 CVE-2019-16099 Cross-Site Request Forgery (CSRF) vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.
6.8