3 results (0.010 seconds)

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-csrf-76RDbLEh • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.7EPSS: 0%CPEs: 19EXPL: 0

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. Una vulnerabilidad en la CLI del software Cisco SD-WAN podría permitir a un atacante local autenticado sobrescribir y posiblemente corromper archivos en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 7.8EPSS: 0%CPEs: 83EXPL: 1

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Múltiples vulnerabilidades en la CLI del software Cisco SD-WAN podrían permitir a un atacante local autenticado conseguir altos privilegios. • https://github.com/mbadanoiu/CVE-2022-20818 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-25: Path Traversal: '/../filedir' •