CVSS: 8.6EPSS: 0%CPEs: 22EXPL: 0CVE-2021-1279 – Cisco SD-WAN Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1279
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante no autenticado remoto ejecutar ataques de denegación de servicio (DoS) contra un dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2021-1298 – Cisco SD-WAN Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1298
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante autenticado conducir ataques de inyección de comandos contra un dispositivo afectado, lo que podría permitirle al atacante tomar determinadas acciones con privilegios root en el dispositivo. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2021-1299 – Cisco SD-WAN Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1299
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante autenticado llevar a cabo ataques de inyección de comandos contra un dispositivo afectado, lo que podría permitir al atacante tomar determinadas acciones con privilegios root en el dispositivo. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3468 – Cisco SD-WAN vManage Software SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3468
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. Una vulnerabilidad en la interfaz de administración basada en web de Cisco SD-WAN vManage Software podría permitir a un atacante remoto autenticado llevar a cabo ataques de inyección SQL sobre un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-v78FubGV • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-3437 – Cisco SD-WAN vManage Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3437
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system. Una vulnerabilidad en la interfaz de administración basada en web de Cisco SD-WAN vManage Software podría permitir a un atacante remoto autenticado leer archivos arbitrarios en el sistema de archivos subyacente del dispositivo. • http://packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-Root.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanwebid-5QWMcCvt • CWE-59: Improper Link Resolution Before File Access ('Link Following') •