CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20214
https://notcve.org/view.php?id=CVE-2023-20214
03 Aug 2023 — A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA • CWE-287: Improper Authentication •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-20098
https://notcve.org/view.php?id=CVE-2023-20098
09 May 2023 — A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the s... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2023-20035 – Cisco IOS XE SD-WAN Software Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-20035
23 Mar 2023 — A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sdwan-VQAhEjYw • CWE-146: Improper Neutralization of Expression/Command Delimiters •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20113 – Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2023-20113
23 Mar 2023 — A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary ac... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-csrf-76RDbLEh • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20830 – Cisco Software-Defined Application Visibility and Control on Cisco vManage Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-20830
10 Oct 2022 — A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacke... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.7EPSS: 0%CPEs: 19EXPL: 0CVE-2022-20930 – Cisco SD-WAN Software Arbitrary File Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2022-20930
30 Sep 2022 — A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. Una vulnerabilidad en la CLI ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2022-20850 – Cisco SD-WAN Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2022-20850
30 Sep 2022 — A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20844 – Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password Vulnerability
https://notcve.org/view.php?id=CVE-2022-20844
30 Sep 2022 — A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successf... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 83EXPL: 1CVE-2022-20818 – Cisco SD-WAN Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20818
30 Sep 2022 — Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Múltiples vulnerabilidades en la CLI del software Cisco SD-WAN podrían permitir a ... • https://github.com/mbadanoiu/CVE-2022-20818 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-25: Path Traversal: '/../filedir' •
CVSS: 7.8EPSS: 0%CPEs: 91EXPL: 1CVE-2022-20775 – Cisco SD-WAN Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20775
30 Sep 2022 — Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Varias vulnerabilidades en la CLI del software Cisco SD-WAN podrían permitir a un ... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-25: Path Traversal: '/../filedir' •