CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20253
https://notcve.org/view.php?id=CVE-2023-20253
27 Sep 2023 — A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll back the confi... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z • CWE-286: Incorrect User Management •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20113 – Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2023-20113
23 Mar 2023 — A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary ac... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-csrf-76RDbLEh • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.7EPSS: 0%CPEs: 19EXPL: 0CVE-2022-20930 – Cisco SD-WAN Software Arbitrary File Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2022-20930
30 Sep 2022 — A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. Una vulnerabilidad en la CLI ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.8EPSS: 0%CPEs: 83EXPL: 1CVE-2022-20818 – Cisco SD-WAN Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20818
30 Sep 2022 — Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Múltiples vulnerabilidades en la CLI del software Cisco SD-WAN podrían permitir a ... • https://github.com/mbadanoiu/CVE-2022-20818 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-25: Path Traversal: '/../filedir' •
CVSS: 7.8EPSS: 0%CPEs: 91EXPL: 1CVE-2022-20775 – Cisco SD-WAN Software Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20775
30 Sep 2022 — Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Varias vulnerabilidades en la CLI del software Cisco SD-WAN podrían permitir a un ... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-25: Path Traversal: '/../filedir' •
CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 413CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •