Cisco Ios Xe Sd-Wan vulnerabilities

CVE-2025-20352 [HIGH] CWE-121 CVE-2025-20352: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low privileges could cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. To cause the DoS,

CVE-2025-20151 [MEDIUM] CWE-16 CVE-2025-20151: A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) f A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from an unauthorized source or the SNMPv3 username is remo

CVE-2024-20373 [MEDIUM] CWE-284 CVE-2024-20373: A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access c A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. This vulnerability exists because

CVE-2024-20455 [HIGH] CWE-371 CVE-2024-20455: A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense ( A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as th

CVE-2022-20850 [HIGH] CWE-22 CVE-2022-20850: A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software cou A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path info

CVE-2021-1529 [HIGH] CWE-78 CVE-2021-1529: A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attac A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the sy

CVE-2021-34729 [MEDIUM] CWE-77 CVE-2021-34729: A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by

CVE-2021-34725 [MEDIUM] CWE-77 CVE-2021-34725: A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attac A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authentic

CVE-2021-34724 [MEDIUM] CWE-284 CVE-2021-34724: A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the p

CVE-2021-1371 [MEDIUM] CWE-269 CVE-2021-1371: A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an auth A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console

CVE-2020-3375 [CRITICAL] CWE-119 CVE-2020-3375: A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to

CVE-2020-3216 [MEDIUM] CWE-287 CVE-2020-3216: A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerabi

CVE-2025-20221 Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability CVE-2025-20221: Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by sending a crafted pac

CVE-2021-1281 Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability CVE-2021-1281: Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an admini

CVE-2021-1432 Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability CVE-2021-1432: Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to

CVE-2021-34727 Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability CVE-2021-34727: Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the de

CVE-2023-20035 Cisco IOS XE SD-WAN Software Command Injection Vulnerability CVE-2023-20035: Cisco IOS XE SD-WAN Software Command Injection Vulnerability A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an af

CVE-2021-1434 Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability CVE-2021-1434: Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command wi

CVE-2019-1950 Cisco IOS XE SD-WAN Software Default Credentials Vulnerability CVE-2019-1950: Cisco IOS XE SD-WAN Software Default Credentials Vulnerability A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated pr

CVE-2021-1382 Cisco IOS XE SD-WAN Software Command Injection Vulnerability CVE-2021-1382: Cisco IOS XE SD-WAN Software Command Injection Vulnerability A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticati