Cisco Vedge-2000 Firmware vulnerabilities

10 known vulnerabilities affecting cisco/vedge-2000_firmware.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH8MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2018-0349CRITICALCVSS 9.8fixed in 18.3.02018-07-18
CVE-2018-0349 [CRITICAL] CWE-20 CVE-2018-0349: A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwr A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by m
nvd
CVE-2018-0347HIGHCVSS 7.8fixed in 18.3.02018-07-18
CVE-2018-0347 [HIGH] CWE-77 CVE-2018-0347: A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could al A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting
nvd
CVE-2018-0345HIGHCVSS 8.8fixed in 18.3.02018-07-18
CVE-2018-0345 [HIGH] CWE-20 CVE-2018-0345: A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allo A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are pas
nvd
CVE-2018-0351HIGHCVSS 7.8fixed in 18.3.02018-07-18
CVE-2018-0351 [HIGH] CWE-77 CVE-2018-0351: A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an auth A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted in
nvd
CVE-2018-0346HIGHCVSS 7.5fixed in 18.3.02018-07-18
CVE-2018-0346 [HIGH] CWE-119 CVE-2018-0346: A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an u A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected soft
nvd
CVE-2018-0344HIGHCVSS 7.2fixed in 18.3.02018-07-18
CVE-2018-0344 [HIGH] CWE-77 CVE-2018-0344: A vulnerability in the vManage dashboard for the configuration and management service of the Cisco S A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the
nvd
CVE-2018-0350HIGHCVSS 8.8fixed in 18.3.02018-07-18
CVE-2018-0350 [HIGH] CWE-77 CVE-2018-0350: A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authe A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted in
nvd
CVE-2018-0343HIGHCVSS 8.8fixed in 18.3.02018-07-18
CVE-2018-0343 [HIGH] CWE-284 CVE-2018-0343: A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of
nvd
CVE-2018-0348HIGHCVSS 7.2fixed in 18.3.02018-07-18
CVE-2018-0348 [HIGH] CWE-77 CVE-2018-0348: A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacke A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load comman
nvd
CVE-2018-0342MEDIUMCVSS 6.7fixed in 18.3.02018-07-18
CVE-2018-0342 [MEDIUM] CWE-119 CVE-2018-0342: A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and
nvd