CVE-2024-20496 – Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-20496
A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-vedos-KqFfhps3 • CWE-787: Out-of-bounds Write •
CVE-2022-20716 – Cisco SD-WAN Solution Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2022-20716
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. Una vulnerabilidad en la CLI del software Cisco SD-WAN podría permitir a un atacante local autenticado alcanzar altos privilegios. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P • CWE-284: Improper Access Control •
CVE-2021-1546 – Cisco SD-WAN Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1546
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. Una vulnerabilidad en la CLI de Cisco SD-WAN Software podría permitir a un atacante local autenticado acceder a información confidencial. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-Fhqh8pKX • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2021-1528 – Cisco SD-WAN Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1528
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user. Una vulnerabilidad en la CLI del Software Cisco SD-WAN, podría permitir a un atacante local autenticado alcanzar privilegios elevados en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-fuErCWwF • CWE-250: Execution with Unnecessary Privileges •
CVE-2021-1514 – Cisco SD-WAN Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1514
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •