Page 2 of 8 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 91EXPL: 1

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Varias vulnerabilidades en la CLI del software Cisco SD-WAN podrían permitir a un atacante local autenticado conseguir altos privilegios. • https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-25: Path Traversal: '/../filedir' •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. Una vulnerabilidad en la CLI del software Cisco SD-WAN podría permitir a un atacante local autenticado alcanzar altos privilegios. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P • CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. Una vulnerabilidad en la funcionalidad disaster recovery de Cisco SD-WAN vManage Software podría permitir a un atacante remoto autenticado conseguir acceso no autorizado a las credenciales del usuario. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-credentials-ydYfskzZ • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •