CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-3381 – Cisco SD-WAN vManage Software Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-3381
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system. Una vulnerabilidad en la interfaz de administración web de Cisco SD-WAN vManage Software podría permitir a un atacante remoto autenticado llevar a cabo ataques de salto de directorio y obtener acceso de lectura y escritura a archivos confidenciales en un sistema objetivo. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmdirtrav-eFdAxsJg • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-3378 – Cisco SD-WAN vManage Software SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-3378
A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. Una vulnerabilidad en la interfaz de administración basada en web para Cisco SD-WAN vManage Software podría permitir a un atacante remoto autenticado afectar la integridad de un sistema afectado mediante una ejecución de consultas SQL arbitrarias. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sivm-M8wugR9O • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-3372 – Cisco SD-WAN vManage Software Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3372
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition. Una vulnerabilidad en la interfaz de administración basada en web de Cisco SD-WAN vManage Software podría permitir a un atacante remoto autenticado consumir memoria excesiva del sistema y causar una condición de denegación de servicio (DoS) sobre un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-emvman-3y6LuTcZ • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0CVE-2020-3369 – Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3369
A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition. Una vulnerabilidad en el motor deep packet inspection (DPI) de Cisco SD-WAN vEdge Routers, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f • CWE-118: Incorrect Access of Indexable Resource ('Range Error') •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2020-3358 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3358
A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition. Una vulnerabilidad en la funcionalidad Secure Sockets Layer (SSL) VPN para Cisco Small Business RV VPN Routers, podría permitir a un atacante remoto no autenticado causar el reinicio inesperado del dispositivo, causando una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7 • CWE-20: Improper Input Validation •