CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1235 – Cisco SD-WAN vManage Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1235
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system. Una vulnerabilidad en la CLI del Software Cisco SD-WAN vManage, podría permitir a un atacante local autenticado leer archivos de bases de datos confidenciales en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vinfdis-MC8L58dj • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2021-1233 – Cisco SD-WAN Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1233
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device. Una vulnerabilidad en la CLI del Software Cisco SD-WAN, podría permitir a un atacante local autenticado acceder a información confidencial en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2021-1305 – Cisco SD-WAN vManage Authorization Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1305
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de administración basada en web del Software Cisco SD-WAN vManage, podrían permitir a un atacante remoto autenticado omitir la autorización y modificar la configuración de un sistema afectado, conseguir acceso a información confidencial y visualizar información para la que no está autorizado acceder. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1349 – Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1349
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. Una vulnerabilidad en la interfaz de administración basada en web del Software Cisco SD-WAN vManage, podría permitir a un atacante remoto autenticado conducir ataques de inyección de lenguaje de consulta de Cifrado en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-72EhnUc • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1259 – Cisco SD-WAN vManage Software Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2021-1259
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system. Una vulnerabilidad en la interfaz de administración basada en web del Software Cisco SD-WAN vManage, podría permitir a un atacante remoto autenticado conducir ataques de salto de ruta y obtener acceso de escritura a archivos confidenciales en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-pathtrav-Z5mCVsjf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •