Cisco Vedge 100Wm Firmware vulnerabilities

CVE-2021-1546 [MEDIUM] CWE-209 CVE-2021-1546: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit

CVE-2021-1528 [HIGH] CWE-250 CVE-2021-1528: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected

CVE-2021-1510 [HIGH] CWE-119 CVE-2021-1510: Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1509 [HIGH] CWE-119 CVE-2021-1509: Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1514 [HIGH] CWE-20 CVE-2021-1514: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to

CVE-2021-1511 [HIGH] CWE-119 CVE-2021-1511: Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2018-0349 [CRITICAL] CWE-20 CVE-2018-0349: A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwr A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by m

CVE-2018-0347 [HIGH] CWE-77 CVE-2018-0347: A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could al A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting

CVE-2018-0345 [HIGH] CWE-20 CVE-2018-0345: A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allo A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are pas

CVE-2018-0351 [HIGH] CWE-77 CVE-2018-0351: A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an auth A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted in

CVE-2018-0346 [HIGH] CWE-119 CVE-2018-0346: A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an u A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected soft

CVE-2018-0344 [HIGH] CWE-77 CVE-2018-0344: A vulnerability in the vManage dashboard for the configuration and management service of the Cisco S A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the

CVE-2018-0350 [HIGH] CWE-77 CVE-2018-0350: A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authe A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted in

CVE-2018-0343 [HIGH] CWE-284 CVE-2018-0343: A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of

CVE-2018-0348 [HIGH] CWE-77 CVE-2018-0348: A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacke A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load comman

CVE-2018-0342 [MEDIUM] CWE-119 CVE-2018-0342: A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and