Cisco Vedge 5000 Firmware vulnerabilities

9 known vulnerabilities affecting cisco/vedge_5000_firmware.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH7MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2021-1546MEDIUMCVSS 5.5≥ 18.4, < 20.4.2≥ 20.5, < 20.5.2+1 more2021-09-23
CVE-2021-1546 [MEDIUM] CWE-209 CVE-2021-1546: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit
nvd
CVE-2021-1528HIGHCVSS 7.8≥ 20.4, < 20.4.2≥ 20.5, < 20.5.12021-06-04
CVE-2021-1528 [HIGH] CWE-250 CVE-2021-1528: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected
nvd
CVE-2021-1510HIGHCVSS 7.5≥ 20.4, < 20.4.1≥ 20.5, < 20.5.1+1 more2021-05-06
CVE-2021-1510 [HIGH] CWE-119 CVE-2021-1510: Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
nvd
CVE-2021-1509HIGHCVSS 7.5≥ 20.4, < 20.4.1≥ 20.5, < 20.5.1+1 more2021-05-06
CVE-2021-1509 [HIGH] CWE-119 CVE-2021-1509: Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
nvd
CVE-2021-1514HIGHCVSS 7.8fixed in 18.3≥ 20.1, < 20.1.1+3 more2021-05-06
CVE-2021-1514 [HIGH] CWE-20 CVE-2021-1514: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to
nvd
CVE-2021-1511MEDIUMCVSS 6.5≥ 20.4, < 20.4.1≥ 20.5, < 20.5.1+1 more2021-05-06
CVE-2021-1511 [HIGH] CWE-119 CVE-2021-1511: Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
nvd
CVE-2018-0433HIGHCVSS 7.8fixed in 18.3.02018-10-05
CVE-2018-0433 [HIGH] CWE-77 CVE-2018-0433: A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an auth A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted in
nvd
CVE-2018-0434HIGHCVSS 7.4fixed in 18.3.02018-10-05
CVE-2018-0434 [HIGH] CWE-295 CVE-2018-0434: A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an u A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supply
nvd
CVE-2018-0432HIGHCVSS 8.8fixed in 18.3.02018-10-05
CVE-2018-0432 [HIGH] CWE-264 CVE-2018-0432: A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authentic A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerabil
nvd