
Cisco SD-WAN vManage vulnerabilities

70 known vulnerabilities affecting cisco/sd-wan_vmanage.

Total CVEs: 70
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 13, MEDIUM 24, UNKNOWN 28

Vulnerabilities

Page 3 of 4
CVE-2020-3591 | MEDIUM | CVSS 4.3 | ≤ 20.1.12 | 2020-11-06
CVE-2020-3591 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exp
nvd, cisco
CVE-2020-3587 | MEDIUM | CVSS 6.4 | ≤ 20.1.12 | 2020-11-06
CVE-2020-3587 [MEDIUM] CWE-79: A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnera
nvd, cisco
CVE-2023-20113 | UNKNOWN | CVSS 3.1
CVE-2023-20113: Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability. A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when it is operating in cluster mode could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF prote
cisco
CVE-2020-26066 | UNKNOWN | CVSS 3.0
CVE-2020-26066: Cisco SD-WAN vManage Software XML External Entity Vulnerability. A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vul
cisco
CVE-2021-1470 | UNKNOWN | CVSS 3.1
CVE-2021-1470: Cisco SD-WAN vManage SQL Injection Vulnerability. A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sendi
cisco
CVE-2020-3378 | UNKNOWN | CVSS 3.0
CVE-2020-3378: Cisco SD-WAN vManage Software SQL Injection Vulnerability. A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted
cisco
CVE-2020-3374 | UNKNOWN | CVSS 3.0
CVE-2020-3374: Cisco SD-WAN vManage Software Authorization Bypass Vulnerability. A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorizati
cisco
CVE-2020-3372 | UNKNOWN | CVSS 3.1
CVE-2020-3372: Cisco SD-WAN vManage Software Denial of Service Vulnerability. A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sen
cisco
CVE-2021-1234 | UNKNOWN | CVSS 3.1
CVE-2021-1234: Cisco SD-WAN vManage Software Information Disclosure Vulnerability. A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due to the absence of authentication for sens
cisco
CVE-2021-1589 | UNKNOWN | CVSS 3.1
CVE-2021-1589: Cisco SD-WAN vManage Software Disaster Recovery Feature Password Exposure Vulnerability. A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this v
cisco
CVE-2020-3437 | UNKNOWN | CVSS 3.0
CVE-2020-3437: Cisco SD-WAN vManage Software Information Disclosure Vulnerability. A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file r
cisco
CVE-2021-1232 | UNKNOWN | CVSS 3.1
CVE-2021-1232: Cisco SD-WAN vManage Information Disclosure Vulnerability. A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploi
cisco
CVE-2022-20734 | UNKNOWN | CVSS 3.1
CVE-2022-20734: Cisco SD-WAN vManage Software Information Disclosure Vulnerability. A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affect
cisco
CVE-2020-26074 | UNKNOWN | CVSS 3.1
CVE-2020-26074: Cisco SD-WAN vManage Software Privilege Escalation Vulnerability. A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability
cisco
CVE-2019-12629 | UNKNOWN | CVSS 3.0
CVE-2019-12629: Cisco SD-WAN vManage Command Injection Vulnerability. A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability
cisco
CVE-2020-3406 | UNKNOWN | CVSS 3.0
CVE-2020-3406: Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability. A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attac
cisco
CVE-2020-3536 | UNKNOWN | CVSS 3.0
CVE-2020-3536: Cisco SD-WAN vManage Cross-Site Scripting Vulnerability. A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this
cisco
CVE-2020-26073 | UNKNOWN | CVSS 3.1 | PoC
CVE-2020-26073: Cisco SD-WAN vManage Software Directory Traversal Vulnerability. A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker cou
cisco
CVE-2020-26065 | UNKNOWN | CVSS 3.0
CVE-2020-26065: Cisco SD-WAN vManage Software Path Traversal Vulnerability. A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by s
cisco
CVE-2021-1462 | UNKNOWN | CVSS 3.0
CVE-2021-1462: Cisco SD-WAN vManage Software Privilege Escalation Vulnerability. A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to incorrect privilege assignment. An attacker coul
cisco