CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1506 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1506
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o conseguir acceso a información confidencial, o permitir a un atacante local autenticado alcanzar escalar privilegios o conseguir acceso no autorizado a la aplicación. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1505 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1505
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o conseguir acceso a información confidencial, o permitir a un atacante local autenticado alcanzar escalar privilegios o conseguir acceso no autorizado a la aplicación. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1486 – Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability
https://notcve.org/view.php?id=CVE-2021-1486
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts. Una vulnerabilidad en Cisco SD-WAN vManage Software, podría permitir a un atacante remoto no autenticado enumerar las cuentas de usuario. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1468 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1468
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o conseguir acceso a información confidencial, o permitir a un atacante local autenticado alcanzar escalar privilegios o conseguir acceso no autorizado a la aplicación. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1480 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1480
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o permitir a un atacante local autenticado alcanzar privilegios escalados en un sistema afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •