CVSS: 5.5EPSS: 0%CPEs: 269EXPL: 0CVE-2025-20147 – Cisco SD-WAN vManage Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20147
07 May 2025 — A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-xhN8M5jt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 272EXPL: 0CVE-2025-20216 – Cisco Catalyst SD-WAN Manager Reflected HTML Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-20216
07 May 2025 — A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user. This vulnerability is due to improper sanitization of input to the web interface. An attacker could exploit this vulnerability by convincing an authenticated user to click a malicious link. A successful exploit could allow the attacker to inject HTML into the browser of an authenticated Cisco Catalyst S... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-inj-GxVtK6zj • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2025-20151 – Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability
https://notcve.org/view.php?id=CVE-2025-20151
07 May 2025 — A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from an unauthorized source or the SNMPv3 username is removed from the configuration. This vulnerability exists because of the way that the SNMPv3 configuration is stored in the Cisco IOS Software and Cisco IOS XE Soft... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmpv3-qKEYvzsy • CWE-16: Configuration •
CVSS: 6.8EPSS: 0%CPEs: 98EXPL: 0CVE-2025-20187 – Cisco SD-WAN Manager Software Arbitrary File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2025-20187
07 May 2025 — A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected system. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary loc... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanarbfile-2zKhKZwJ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 272EXPL: 0CVE-2025-20122 – Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-20122
07 May 2025 — A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker with read-only privileges on the SD-WAN Manager system could exploit this vulnerability by sending a crafted request to the CLI of the SD-WAN Manager. A successful exploit could allow the attacker to gain root privile... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.5EPSS: 0%CPEs: 273EXPL: 0CVE-2025-20213 – Cisco Catalyst SDWAN Manager Arbitrary File Overwrite Vulnerability
https://notcve.org/view.php?id=CVE-2025-20213
07 May 2025 — A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials with CLI access on the affected system. This vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by running a series of crafted co... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 270EXPL: 0CVE-2025-20157 – Cisco Catalyst vManage Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2025-20157
07 May 2025 — A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smart Licensing feature. An attacker with a privileged network position could exploit this vulnerability by intercepting traffic that is sent over the Internet. A successful exploit could allow the attacker to gain acce... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catalyst-tls-PqnD5KEJ • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-26066 – Cisco SD-WAN vManage Software XML External Entity Vulnerability
https://notcve.org/view.php?id=CVE-2020-26066
18 Nov 2024 — A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.4EPSS: 0%CPEs: 148EXPL: 0CVE-2020-26071 – Cisco SD-WAN vEdge Arbitrary File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2020-26071
18 Nov 2024 — A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected dev... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 89%CPEs: 45EXPL: 0CVE-2020-26073 – Cisco SD-WAN vManage Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2020-26073
18 Nov 2024 — A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct direct... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy • CWE-35: Path Traversal: '.../ •