CVSS: 6.8EPSS: 0%CPEs: 99EXPL: 0CVE-2023-20261
https://notcve.org/view.php?id=CVE-2023-20261
18 Oct 2023 — A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an aff... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-lfi-OWLbKUGe • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20262
https://notcve.org/view.php?id=CVE-2023-20262
27 Sep 2023 — A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system.... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z • CWE-399: Resource Management Errors •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20214
https://notcve.org/view.php?id=CVE-2023-20214
03 Aug 2023 — A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20830 – Cisco Software-Defined Application Visibility and Control on Cisco vManage Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-20830
10 Oct 2022 — A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacke... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 91EXPL: 1CVE-2022-20775 – Cisco SD-WAN Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20775
30 Sep 2022 — Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Varias vulnerabilidades en la CLI del software Cisco SD-WAN podrían permitir a un ... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-25: Path Traversal: '/../filedir' •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20734 – Cisco SD-WAN vManage Software Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20734
04 May 2022 — A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. Una vulnerabilidad en el software Cisco SD-WAN vManage... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmge-infodc-WPSkAMhp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •