CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1647 – Cisco SD-WAN Solution Unauthorized Access Vulnerability
https://notcve.org/view.php?id=CVE-2019-1647
24 Jan 2019 — A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. Una vulnerabilidad en la solución Cisco SD-WAN podría permitir a un a... • http://www.securityfocus.com/bid/106705 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 0CVE-2019-1650 – Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2019-1650
24 Jan 2019 — A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of a... • http://www.securityfocus.com/bid/106716 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 3%CPEs: 1EXPL: 0CVE-2019-1651 – Cisco SD-WAN Solution Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-1651
24 Jan 2019 — A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in... • http://www.securityfocus.com/bid/106703 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-0433 – Cisco SD-WAN Solution Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-0433
05 Oct 2018 — A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with... • http://www.securityfocus.com/bid/105295 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2018-0342
https://notcve.org/view.php?id=CVE-2018-0342
18 Jul 2018 — A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affe... • http://www.securityfocus.com/bid/104877 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2018-0343
https://notcve.org/view.php?id=CVE-2018-0343
18 Jul 2018 — A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authent... • http://www.securityfocus.com/bid/104861 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2018-0344
https://notcve.org/view.php?id=CVE-2018-0344
18 Jul 2018 — A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successfu... • http://www.securityfocus.com/bid/104868 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 19EXPL: 0CVE-2018-0345
https://notcve.org/view.php?id=CVE-2018-0345
18 Jul 2018 — A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that co... • http://www.securityfocus.com/bid/104859 • CWE-20: Improper Input Validation CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2018-0346
https://notcve.org/view.php?id=CVE-2018-0346
18 Jul 2018 — A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the pack... • http://www.securityfocus.com/bid/104855 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2018-0347
https://notcve.org/view.php?id=CVE-2018-0347
18 Jul 2018 — A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacke... • http://www.securityfocus.com/bid/104862 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •