CVE-2021-1479 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1479
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o permitir a un atacante local autenticado alcanzar privilegios escalados en un sistema afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-1137 – Cisco SD-WAN vManage Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1137
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco SD-WAN vManage Software, podrían permitir a un atacante remoto no autenticado ejecutar código arbitrario o permitir a un atacante local autenticado alcanzar privilegios escalados en un sistema afectado. Para mayor información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-1225 – Cisco SD-WAN vManage SQL Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1225
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. Varias vulnerabilidades en la interfaz de administración basada en web del Software Cisco SD-WAN vManage, podrían permitir a un atacante remoto no autenticado conducir ataques de inyección SQL en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-sqlinjm-xV8dsjq5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-1235 – Cisco SD-WAN vManage Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1235
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system. Una vulnerabilidad en la CLI del Software Cisco SD-WAN vManage, podría permitir a un atacante local autenticado leer archivos de bases de datos confidenciales en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vinfdis-MC8L58dj • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2021-1349 – Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1349
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. Una vulnerabilidad en la interfaz de administración basada en web del Software Cisco SD-WAN vManage, podría permitir a un atacante remoto autenticado conducir ataques de inyección de lenguaje de consulta de Cifrado en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-72EhnUc • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •