Cisco Sd-Wan Vmanage vulnerabilities

CVE-2020-3590 [MEDIUM] CWE-79 CVE-2020-3590: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could all A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnera

CVE-2020-3579 [MEDIUM] CWE-79 CVE-2020-3579: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could explo

CVE-2020-3592 [MEDIUM] CWE-284 CVE-2020-3592: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending c

CVE-2020-3587 [MEDIUM] CWE-79 CVE-2020-3587: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could all A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnera

CVE-2020-27129 [MEDIUM] CWE-88 CVE-2020-27129: A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an aut A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulne

CVE-2020-27128 [MEDIUM] CWE-22 CVE-2020-27128: A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an au A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected a

CVE-2020-3591 [MEDIUM] CWE-79 CVE-2020-3591: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could all A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exp

CVE-2020-3536 [MEDIUM] CWE-79 CVE-2020-3536: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit

CVE-2020-3374 [CRITICAL] CWE-285 CVE-2020-3374: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checkin

CVE-2020-3375 [CRITICAL] CWE-119 CVE-2020-3375: A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to

CVE-2020-3387 [HIGH] CWE-20 CVE-2020-3387: A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to ex A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage

CVE-2020-3388 [HIGH] CWE-287 CVE-2020-3388: A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local atta A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The

CVE-2020-3381 [HIGH] CWE-22 CVE-2020-3381: A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an auth A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacke

CVE-2020-3405 [HIGH] CWE-611 CVE-2020-3405: A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by p

CVE-2020-3180 [HIGH] CWE-264 CVE-2020-3180: A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this v

CVE-2020-3401 [MEDIUM] CWE-22 CVE-2020-3401: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by send

CVE-2020-3372 [MEDIUM] CWE-400 CVE-2020-3372: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a

CVE-2020-3378 [MEDIUM] CWE-89 CVE-2020-3378: A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted

CVE-2020-3406 [MEDIUM] CWE-79 CVE-2020-3406: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could all A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exp

CVE-2020-3437 [MEDIUM] CWE-59 CVE-2020-3437: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the f