CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2021-1300 – Cisco SD-WAN Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1300
20 Jan 2021 — Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante no autenticado remoto ejecutar ataques contra un dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2021-1301 – Cisco SD-WAN Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1301
20 Jan 2021 — Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante no autenticado remoto ejecutar ataques contra un dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1302 – Cisco SD-WAN vManage Authorization Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1302
20 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de administración basada en web del Software Cisco SD-WAN vMa... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1304 – Cisco SD-WAN vManage Authorization Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1304
20 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de administración basada en web del Software Cisco SD-WAN vMa... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3600 – Cisco SD-WAN Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3600
06 Nov 2020 — A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. Una vulnerabilidad en Cisco SD-WAN Software, podría permitir a un atacante local autenticado elevar p... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3595 – Cisco SD-WAN Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3595
06 Nov 2020 — A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges. Una vulnerabilidad en Cisco SD-WAN Software podría permitir a un atacante local au... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3594 – Cisco SD-WAN Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3594
06 Nov 2020 — A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specific command. A successful exploit could allow the attacker to gain root privileges. Una vulnerabilidad en Cisco SD-WAN Software podría permitir a un atacante local autenticado elevar privilegios a root en el sistema o... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3593 – Cisco SD-WAN Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3593
06 Nov 2020 — A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. Una vulnerabilidad en Cisco SD-WAN Software podría permitir a un atacante local autenticado elevar privi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3592 – Cisco SD-WAN vManage Software Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3592
06 Nov 2020 — A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanuafw-ZHkdGGEy • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3591 – Cisco SD-WAN vManage Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-3591
06 Nov 2020 — A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the co... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxsshi-9KHEqRpM • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •