Filtered by vendor Cisco Subscriptions
Filtered by product Vedge 100 Subscriptions
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-1528 1 Cisco 19 Catalyst Sd-wan Manager, Sd-wan Vbond Orchestrator, Vedge 100 and 16 more 2024-11-07 7.8 High
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.
CVE-2021-1546 1 Cisco 21 Catalyst Sd-wan Manager, Sd-wan Vbond Orchestrator, Sd-wan Vmanage and 18 more 2024-11-07 5.5 Medium
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.
CVE-2022-20850 1 Cisco 14 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1100 Integrated Services Router and 11 more 2024-11-01 5.5 Medium
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.
CVE-2022-20930 1 Cisco 12 Catalyst Sd-wan Manager, Sd-wan, Sd-wan Vbond Orchestrator and 9 more 2024-11-01 6.7 Medium
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.
CVE-2018-0433 1 Cisco 12 Vbond Orchestrator, Vedge 100, Vedge 1000 and 9 more 2024-09-16 7.8 High
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
CVE-2018-0432 1 Cisco 9 Vedge 100, Vedge 1000, Vedge 1000 Firmware and 6 more 2024-09-16 N/A
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
CVE-2018-0434 1 Cisco 9 Vedge 100, Vedge 1000, Vedge 1000 Firmware and 6 more 2024-09-16 N/A
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.