CVSS: 6.1EPSS: 0%CPEs: 79EXPL: 0CVE-2021-1461 – Cisco SD-WAN Software Signature Verification Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1461
18 Nov 2024 — A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the at... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-sigverbypass-gPYXd6Mk • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.4EPSS: 0%CPEs: 28EXPL: 0CVE-2021-1444 – Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software Web Services Interface Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-1444
18 Nov 2024 — A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a craf... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 39EXPL: 0CVE-2021-1462 – Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1462
18 Nov 2024 — A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to an affected system with an Administrator account and creating a malicious file, which the system would parse at a later ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-vman-kth3c82B • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2021-1465
https://notcve.org/view.php?id=CVE-2021-1465
18 Nov 2024 — A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-dir-trav-Bpwc5gtm • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 38EXPL: 0CVE-2021-1466 – Cisco SD-WAN vDaemon Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-1466
15 Nov 2024 — A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete bounds checks for data that is provided to the vDaemon service of an affected system. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on the affected system. A successful exploit could allow... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vdaemon-bo-RuzzEA2 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 47EXPL: 0CVE-2021-1470 – Cisco SD-WAN SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1470
15 Nov 2024 — A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values fro... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX • CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 56EXPL: 0CVE-2021-1481 – Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1481
15 Nov 2024 — A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.Cisco&... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVSS: 6.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-1482 – Cisco SD-WAN vManage Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1482
15 Nov 2024 — A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorization chec... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 41EXPL: 0CVE-2021-1464 – Cisco SD-WAN vManage Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1464
15 Nov 2024 — A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input validation for certain commands. An attacker could exploit this vulnerability by sending crafted requests to the affected commands of an affected system. A successful exploit could allow the attacker to bypass authori... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-sqlinj-HDJUeEAX • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 55EXPL: 0CVE-2021-1483 – Cisco SD-WAN vManage Software XML External Entity Vulnerability
https://notcve.org/view.php?id=CVE-2021-1483
15 Nov 2024 — A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and w... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX • CWE-611: Improper Restriction of XML External Entity Reference •