Page 62 of 6290 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 140EXPL: 0

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default. Una vulnerabilidad en la interfaz de usuario web del software Cisco IOS XE podría permitir que un atacante remoto autenticado realice un ataque de inyección contra un dispositivo afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. Una vulnerabilidad en las API del Security Assertion Markup Language (SAML) del software Cisco Catalyst SD-WAN Manager podría permitir que un atacante remoto no autenticado obtenga acceso no autorizado a la aplicación como un usuario arbitrario. Esta vulnerabilidad se debe a comprobaciones de autenticación incorrectas para las API de SAML. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z • CWE-287: Improper Authentication CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service. Una vulnerabilidad en el servicio SSH de Cisco Catalyst SD-WAN Manager podría permitir que un atacante remoto no autenticado provoque una falla del proceso, lo que resultaría en una condición de DoS solo para el acceso SSH. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful exploit could allow the attacker to view the Elasticsearch database content. There are workarounds that address this vulnerability. Una vulnerabilidad en la base de datos de Elasticsearch utilizada en el software Cisco SD-WAN vManage podría permitir que un atacante remoto no autenticado acceda a la base de datos de configuración de Elasticsearch de un dispositivo afectado con los privilegios del usuario de elasticsearch. Esta vulnerabilidad se debe a la presencia de un nombre de usuario y una contraseña estáticos configurados en vManage. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0

A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll back the configuration on for other controller and devices managed by an affected system. A successful exploit could allow the attacker to to roll back the configuration on for other controller and devices managed by an affected system. Una vulnerabilidad en la interfaz de administración de la interfaz de línea de comandos (CLI) de Cisco SD-WAN vManage podría permitir que un atacante local autenticado omita la autorización y le permita revertir la configuración en los controladores vManage y el dispositivo edge router. Esta vulnerabilidad se debe a un control de acceso inadecuado en la interfaz de administración de CLI de un sistema afectado. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z • CWE-286: Incorrect User Management •