Filtered by vendor Cisco
Subscriptions
Total
6228 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1305 | 1 Cisco | 12 Ios Xe Sd-wan, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 9 more | 2024-11-12 | 8.8 High |
| Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1253 | 1 Cisco | 1 Data Center Network Manager | 2024-11-12 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1233 | 1 Cisco | 11 Catalyst Sd-wan Manager, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 8 more | 2024-11-12 | 4.4 Medium |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device. | ||||
| CVE-2021-1235 | 1 Cisco | 1 Sd-wan Vmanage | 2024-11-12 | 5.5 Medium |
| A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system. | ||||
| CVE-2021-1241 | 1 Cisco | 13 Catalyst Sd-wan Manager, Ios Xe Sd-wan, Sd-wan Firmware and 10 more | 2024-11-12 | 8.6 High |
| Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1247 | 1 Cisco | 1 Data Center Network Manager | 2024-11-12 | 8.8 High |
| Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1248 | 1 Cisco | 1 Data Center Network Manager | 2024-11-12 | 8.8 High |
| Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1249 | 1 Cisco | 1 Data Center Network Manager | 2024-11-12 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1250 | 1 Cisco | 1 Data Center Network Manager | 2024-11-12 | 6.5 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1225 | 1 Cisco | 1 Sd-wan Vmanage | 2024-11-12 | 9.1 Critical |
| Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. | ||||
| CVE-2021-1222 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-11-12 | 8.1 High |
| A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. | ||||
| CVE-2021-1219 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-11-12 | 7.8 High |
| A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. | ||||
| CVE-2021-1218 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-11-12 | 5.4 Medium |
| A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. | ||||
| CVE-2021-1142 | 1 Cisco | 1 Smart Software Manager Satellite | 2024-11-12 | 9.8 Critical |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1141 | 1 Cisco | 1 Smart Software Manager Satellite | 2024-11-12 | 9.8 Critical |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1140 | 1 Cisco | 1 Smart Software Manager Satellite | 2024-11-12 | 9.8 Critical |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1139 | 1 Cisco | 1 Smart Software Manager Satellite | 2024-11-12 | 9.8 Critical |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1138 | 1 Cisco | 1 Smart Software Manager Satellite | 2024-11-12 | 9.8 Critical |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1135 | 1 Cisco | 1 Data Center Network Manager | 2024-11-12 | 4.6 Medium |
| Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1289 | 1 Cisco | 10 Rv160 Vpn Router, Rv160 Vpn Router Firmware, Rv160w Wireless-ac Vpn Router and 7 more | 2024-11-12 | 9.8 Critical |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. | ||||