CVSS: 8.6EPSS: 0%CPEs: 22EXPL: 0CVE-2021-1241 – Cisco SD-WAN Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1241
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Varias vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante remoto no autenticado ejecutar ataques de denegación de servicio (DoS) contra un dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2021-1233 – Cisco SD-WAN Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1233
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device. Una vulnerabilidad en la CLI del Software Cisco SD-WAN, podría permitir a un atacante local autenticado acceder a información confidencial en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2021-1305 – Cisco SD-WAN vManage Authorization Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1305
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de administración basada en web del Software Cisco SD-WAN vManage, podrían permitir a un atacante remoto autenticado omitir la autorización y modificar la configuración de un sistema afectado, conseguir acceso a información confidencial y visualizar información para la que no está autorizado acceder. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2021-1260 – Cisco SD-WAN Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1260
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante autenticado llevar a cabo ataques de inyección de comandos contra un dispositivo afectado, lo que podría permitirle al atacante tomar determinadas acciones con privilegios root en el dispositivo. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2021-1261 – Cisco SD-WAN Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1261
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante autenticado llevar a cabo ataques de inyección de comandos contra un dispositivo afectado, lo que podría permitirle al atacante tomar determinadas acciones con privilegios root en el dispositivo. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •