Cisco Sd-Wan Vmanage vulnerabilities

CVE-2021-1506 [CRITICAL] CWE-20 CVE-2021-1506: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the De

CVE-2021-1284 [HIGH] CWE-284 CVE-2021-1284: A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vuln

CVE-2021-1275 [CRITICAL] CWE-20 CVE-2021-1275: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the De

CVE-2021-1514 [HIGH] CWE-20 CVE-2021-1514: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to

CVE-2021-1515 [MEDIUM] CWE-284 CVE-2021-1515: A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker t A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with access to a device that is managed in the multi-tenant en

CVE-2021-1512 [MEDIUM] CWE-552 CVE-2021-1512: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing t

CVE-2021-1535 [MEDIUM] CWE-497 CVE-2021-1535: A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitiv

CVE-2021-1486 [MEDIUM] CWE-203 CVE-2021-1486: A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare th

CVE-2021-1507 [MEDIUM] CWE-79 CVE-2021-1507: A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote atta A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied input. An attacker could exploit this vulnerability by sen

CVE-2021-1479 [HIGH] CWE-119 CVE-2021-1479: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1480 [HIGH] CWE-119 CVE-2021-1480: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1137 [HIGH] CWE-119 CVE-2021-1137: Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote att Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1225 [CRITICAL] CWE-89 CVE-2021-1225: Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software coul Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulne

CVE-2021-1235 [MEDIUM] CWE-497 CVE-2021-1235: A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local atta A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the at

CVE-2021-1349 [MEDIUM] CWE-943 CVE-2021-1349: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by s

CVE-2021-1259 [MEDIUM] CWE-22 CVE-2021-1259: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sen

CVE-2020-3579 [MEDIUM] CWE-79 CVE-2020-3579: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could explo

CVE-2020-3592 [MEDIUM] CWE-284 CVE-2020-3592: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow a A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending c

CVE-2020-27129 [MEDIUM] CWE-88 CVE-2020-27129: A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an aut A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulne

CVE-2020-3590 [MEDIUM] CWE-79 CVE-2020-3590: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could all A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnera