Cisco Catalyst Sd-Wan Manager vulnerabilities

CVE-2021-1479 [CRITICAL] CWE-119 CVE-2021-1479: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1480 [HIGH] CWE-119 CVE-2021-1480: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1137 [HIGH] CWE-119 CVE-2021-1137: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3579 [MEDIUM] CWE-79 CVE-2020-3579: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could explo

CVE-2020-3592 [MEDIUM] CWE-284 CVE-2020-3592: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending c

CVE-2020-3590 [MEDIUM] CWE-79 CVE-2020-3590: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could all A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnera

CVE-2020-3587 [MEDIUM] CWE-79 CVE-2020-3587: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could all A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnera

CVE-2020-3591 [MEDIUM] CWE-79 CVE-2020-3591: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could all A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exp

CVE-2023-20034 Cisco Catalyst SD-WAN Manager Vulnerabilities CVE-2023-20034: Cisco Catalyst SD-WAN Manager Vulnerabilities Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an attacker to access an affected instance or cause a denial of service (DoS) condition on an affected system. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-286, CWE-399, CWE-798, CWE-286, CWE-399, CWE-798, CWE-862, CWE-286, CWE-399, CWE-798, C

CVE-2026-20108 Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability CVE-2026-20108: Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulne

CVE-2023-20254 Cisco Catalyst SD-WAN Manager Vulnerabilities CVE-2023-20254: Cisco Catalyst SD-WAN Manager Vulnerabilities Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an attacker to access an affected instance or cause a denial of service (DoS) condition on an affected system. For more information about these vulnerabilities, see the CVSS: 3.1 CWE: CWE-286, CWE-399, CWE-798, CWE-286, CWE-399, CWE-798, CWE-862, CWE-286, CWE-399, CWE-798, C

CVE-2023-20179 Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability CVE-2023-20179: Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting