Cisco Sd-Wan Vmanage vulnerabilities

CVE-2021-34712 [MEDIUM] CWE-943 CVE-2021-34712: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability b

CVE-2021-1589 [MEDIUM] CWE-256 CVE-2021-1589: A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an aut A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A su

CVE-2021-34700 [MEDIUM] CWE-522 CVE-2021-34700: A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerabi

CVE-2021-1468 [CRITICAL] CWE-20 CVE-2021-1468: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the De

CVE-2021-1505 [CRITICAL] CWE-20 CVE-2021-1505: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the De

CVE-2021-1508 [CRITICAL] CWE-20 CVE-2021-1508: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the De

CVE-2021-1506 [CRITICAL] CWE-20 CVE-2021-1506: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the De

CVE-2021-1275 [CRITICAL] CWE-20 CVE-2021-1275: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the De

CVE-2021-1284 [HIGH] CWE-284 CVE-2021-1284: A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vuln

CVE-2021-1486 [MEDIUM] CWE-203 CVE-2021-1486: A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare th

CVE-2021-1515 [MEDIUM] CWE-284 CVE-2021-1515: A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker t A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device that is managed in the multi-tenant en

CVE-2021-1535 [MEDIUM] CWE-497 CVE-2021-1535: A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitiv

CVE-2021-1507 [MEDIUM] CWE-79 CVE-2021-1507: A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote atta A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied input. An attacker could exploit this vulnerability by sen

CVE-2021-1225 [CRITICAL] CWE-89 CVE-2021-1225: Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software coul Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulne

CVE-2021-1302 [HIGH] CWE-20 CVE-2021-1302: Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software coul Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulner

CVE-2021-1235 [MEDIUM] CWE-497 CVE-2021-1235: A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local atta A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the at

CVE-2021-1304 [HIGH] CWE-20 CVE-2021-1304: Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software coul Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulner

CVE-2021-1349 [MEDIUM] CWE-943 CVE-2021-1349: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by s

CVE-2021-1259 [MEDIUM] CWE-22 CVE-2021-1259: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sen

CVE-2021-1305 [HIGH] CWE-20 CVE-2021-1305: Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software coul Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulner