CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1275 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1275
06 May 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar códig... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1284 – Cisco SD-WAN vManage Software Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1284
06 May 2021 — A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based messag... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2 • CWE-284: Improper Access Control •
CVSS: 6.0EPSS: 0%CPEs: 27EXPL: 0CVE-2021-1512 – Cisco SD-WAN Software Arbitrary File Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-1512
06 May 2021 — A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underly... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-1508 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1508
06 May 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar códig... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1506 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1506
06 May 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar códig... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1505 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1505
06 May 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar códig... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1486 – Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability
https://notcve.org/view.php?id=CVE-2021-1486
06 May 2021 — A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts. Una vulnerabilidad en Cisco SD-WAN vManage Soft... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1468 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1468
06 May 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar códig... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 5.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-1495 – Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1495
29 Apr 2021 — Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. Múltiples... • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-1480 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1480
08 Apr 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o permitir a un atacante local autenticado alcanzar p... • https://github.com/xmco/sdwan-cve-2021-1480 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •