CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1507 – Cisco SD-WAN vManage API Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-1507
06 May 2021 — A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending malicious input to the API. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or a... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-eN75jxtW • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-1506 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1506
06 May 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar códig... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1505 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1505
06 May 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar códig... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1486 – Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability
https://notcve.org/view.php?id=CVE-2021-1486
06 May 2021 — A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts. Una vulnerabilidad en Cisco SD-WAN vManage Soft... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-1468 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1468
06 May 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar códig... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 9%CPEs: 3EXPL: 1CVE-2021-1480 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1480
08 Apr 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o permitir a un atacante local autenticado alcanzar p... • https://github.com/xmco/sdwan-cve-2021-1480 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2021-1479 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1479
08 Apr 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o permitir a un atacante local autenticado alcanzar p... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1137 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1137
08 Apr 2021 — Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o permitir a un atacante local autenticado alcanzar p... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1225 – Cisco SD-WAN vManage SQL Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1225
20 Jan 2021 — Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-sqlinjm-xV8dsjq5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1235 – Cisco SD-WAN vManage Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1235
20 Jan 2021 — A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system. Una vulnerabilidad en la CLI del Software Cisco SD-WAN vManage, podría pe... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vinfdis-MC8L58dj • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •