CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-16099
https://notcve.org/view.php?id=CVE-2019-16099
08 Sep 2019 — Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. Silver Peak EdgeConnect SD-WAN en versiones anteriores a la 8.1.7.x permite CSRF mediante datos JSON a un archivo .swf. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-16100
https://notcve.org/view.php?id=CVE-2019-16100
08 Sep 2019 — Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. Silver Peak EdgeConnect SD-WAN en versiones anteriores a la 8.1.7.x permite a los atacantes remotos desencadenar una interrupción de la interfaz web mediante lento tráfico HTTP del lado del cliente desde una sola fuente. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-16101
https://notcve.org/view.php?id=CVE-2019-16101
08 Sep 2019 — Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. Silver Peak EdgeConnect SD-WAN en versiones anteriores a la 8.1.7.x permite a los atacantes remotos obtener trazas de pila potencialmente sensibles mediante el envío de datos JSON incorrectos a la API REST, como el URI rest/json/banners. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-16102
https://notcve.org/view.php?id=CVE-2019-16102
08 Sep 2019 — Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. Silver Peak EdgeConnect SD-WAN en versiones anteriores a la 8.1.7.x tiene un servicio SNMP con un valor público para rocommunity y trapcommunity. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-16103
https://notcve.org/view.php?id=CVE-2019-16103
08 Sep 2019 — Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. Silver Peak EdgeConnect SD-WAN anterior de la versión 8.1.7.x permite la escalada de privilegios (por parte de los administradores) desde el menú a un shell de Bash OS raíz a través de la función spsshell. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-16104
https://notcve.org/view.php?id=CVE-2019-16104
08 Sep 2019 — Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. Silver Peak EdgeConnect SD-WAN anterior de la versión 8.1.7.x ha reflejado XSS a través del resto / json / configdb / download / PATH_INFO. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-16105
https://notcve.org/view.php?id=CVE-2019-16105
08 Sep 2019 — Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. Silver Peak EdgeConnect SD-WAN en versiones anteriores a la 8.1.7.x permite un salto de directorio ..%2f mediante el URI rest/json/configdb/download/. • https://github.com/sdnewhop/sdwannewhope/blob/master/reports/Silverpeak%20EdgeConnect%20Multiple%20Vulnerabilities%20-%20032018.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •