CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2021-1298 – Cisco SD-WAN Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1298
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante autenticado conducir ataques de inyección de comandos contra un dispositivo afectado, lo que podría permitirle al atacante tomar determinadas acciones con privilegios root en el dispositivo. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2021-1299 – Cisco SD-WAN Command Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1299
Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en los productos Cisco SD-WAN, podrían permitir a un atacante autenticado llevar a cabo ataques de inyección de comandos contra un dispositivo afectado, lo que podría permitir al atacante tomar determinadas acciones con privilegios root en el dispositivo. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-3388 – Cisco SD-WAN vManage Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3388
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated to access the CLI. A successful exploit could allow the attacker to execute commands with root privileges. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clibypvman-sKcLf2L • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 1CVE-2020-3387 – Cisco SD-WAN vManage Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-3387
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute. Una vulnerabilidad en el Cisco SD-WAN vManage Software podría permitir a un atacante remoto autenticado ejecutar código con privilegios root sobre un sistema afectado. • http://packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-Root.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanrce-4jtWT28P • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-3385 – Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3385
A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted packets through an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition. Una vulnerabilidad en el motor deep packet inspection (DPI) de Cisco SD-WAN vEdge Routers podría permitir a un atacante adyacente no autenticado causar una condición de denegación de servicio (DoS) sobre un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV • CWE-371: State Issues •