
Cisco IOS XE SD-WAN vulnerabilities

28 known vulnerabilities affecting cisco/ios_xe_sd-wan.

Total CVEs: 28
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 0

Severity breakdown
CRITICAL: 1, HIGH: 4, MEDIUM: 7, UNKNOWN: 16

Vulnerabilities

Page 2 of 2
CVE-2021-1433 | Severity: UNKNOWN | CVSS 3.1
Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to
Vendor: cisco

CVE-2021-1612 | Severity: UNKNOWN | CVSS 3.1
Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific locat
Vendor: cisco

CVE-2021-1454 | Severity: UNKNOWN | CVSS 3.1
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the dev
Vendor: cisco

CVE-2021-34723 | Severity: UNKNOWN | CVSS 3.1
Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this
Vendor: cisco

CVE-2021-1436 | Severity: UNKNOWN | CVSS 3.1
Cisco IOS XE SD-WAN Software Path Traversal Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request t
Vendor: cisco

CVE-2021-1383 | Severity: UNKNOWN | CVSS 3.1
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the dev
Vendor: cisco

CVE-2021-1431 | Severity: UNKNOWN | CVSS 3.1
Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability
A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted t
Vendor: cisco

CVE-2019-16011 | Severity: UNKNOWN | CVSS 3.0
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CL
Vendor: cisco