Cisco Sd-Wan Vmanage vulnerabilities

CVE-2021-1484 Cisco SD-WAN vManage Command Injection Vulnerability CVE-2021-1484: Cisco SD-WAN vManage Command Injection Vulnerability A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper input validation of user-supplied input to the device template configuration. An attacker could exploit this vulnerabili

CVE-2020-3405 Cisco SD-WAN vManage Software XML External Entity Vulnerability CVE-2020-3405: Cisco SD-WAN vManage Software XML External Entity Vulnerability A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulne

CVE-2020-3381 Cisco SD-WAN vManage Software Directory Traversal Vulnerability CVE-2020-3381: Cisco SD-WAN vManage Software Directory Traversal Vulnerability A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected devic

CVE-2020-3387 Cisco SD-WAN vManage Software Remote Code Execution Vulnerability CVE-2020-3387: Cisco SD-WAN vManage Software Remote Code Execution Vulnerability A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cis

CVE-2020-27128 Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability CVE-2020-27128: Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API wi

CVE-2020-26064 Cisco SD-WAN vManage Software XML External Entity Vulnerability CVE-2020-26064: Cisco SD-WAN vManage Software XML External Entity Vulnerability A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vul

CVE-2021-1491 Cisco SD-WAN vManage Software Information Disclosure Vulnerability CVE-2021-1491: Cisco SD-WAN vManage Software Information Disclosure Vulnerability A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file

CVE-2020-3388 Cisco SD-WAN vManage Software Command Injection Vulnerability CVE-2020-3388: Cisco SD-WAN vManage Software Command Injection Vulnerability A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the C

CVE-2020-3468 Cisco SD-WAN vManage Software SQL Injection Vulnerability CVE-2020-3468: Cisco SD-WAN vManage Software SQL Injection Vulnerability A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by au

CVE-2020-3401 Cisco SD-WAN vManage Software Path Traversal Vulnerability CVE-2020-3401: Cisco SD-WAN vManage Software Path Traversal Vulnerability A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sen