cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-26066,https://securityvulnerability.io/vulnerability/CVE-2020-26066,Cisco SD-WAN vManage Software Vulnerability: Authenticated Attackers Can Access Sensitive Information,"A vulnerability identified in the web UI of Cisco SD-WAN vManage Software allows an authenticated remote attacker to gain unauthorized read and write access to sensitive information stored on the affected system. This issue arises from the improper handling of XML External Entity (XXE) entries when certain XML files are parsed. An attacker could exploit this flaw by convincing a user to import a specially crafted XML file containing malicious inputs. If successful, the attacker could manipulate files within the application, risking the integrity and confidentiality of the stored data. Cisco has released updates to rectify this vulnerability, but no workarounds are available to mitigate the risk.",Cisco,Cisco Catalyst Sd-wan Manager,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T16:23:47.442Z,0
CVE-2020-26071,https://securityvulnerability.io/vulnerability/CVE-2020-26071,Cisco SD-WAN Software Vulnerability Discovered,"A vulnerability has been identified in the Command Line Interface (CLI) of Cisco SD-WAN Software, allowing an authenticated local attacker to create or overwrite arbitrary files on the device. This situation arises from inadequate input validation for certain commands within the software. By injecting crafted arguments into these commands, an attacker could potentially disrupt the normal operation of the device, resulting in a denial of service condition. Cisco has addressed this issue in subsequent software updates, and there are no known workarounds to mitigate the risk. Users are advised to apply the latest updates to protect their systems.",Cisco,"Cisco Catalyst Sd-wan Manager,Cisco Sd-wan Vcontainer,Cisco Sd-wan Vedge Cloud,Cisco Sd-wan Vedge Router",8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T16:05:35.221Z,0
CVE-2020-26073,https://securityvulnerability.io/vulnerability/CVE-2020-26073,Unauthorized Access to Sensitive Information via Directory Traversal,"The application data endpoints of Cisco SD-WAN vManage Software are vulnerable due to improper validation of directory traversal character sequences. This vulnerability enables an unauthenticated, remote attacker to exploit application programming interfaces (APIs) by sending malicious requests. Successful exploitation could lead to directory traversal attacks, granting access to sensitive information such as credentials or user tokens. Cisco has issued software updates that mitigate this vulnerability, and there are no effective workarounds available.",Cisco,Cisco Catalyst Sd-wan Manager,7.5,HIGH,0.0074800001457333565,false,,false,false,false,,,false,false,,2024-11-18T15:57:25.059Z,0
CVE-2020-26074,https://securityvulnerability.io/vulnerability/CVE-2020-26074,Cisco SD-WAN vManage Software Vulnerability - Escalated Privileges on Local Systems,"A local attacker with valid access can exploit a vulnerability in the system file transfer functions of Cisco SD-WAN vManage Software to achieve escalated privileges on the underlying operating system. This vulnerability arises from improper validation of path inputs for file transfer operations. An attacker may send specially crafted requests with malicious path variables to the system, potentially allowing them to overwrite arbitrary files. Such exploitation could enable the attacker to alter the system's behavior and gain higher privileges. Cisco has addressed this issue through software updates, and no workarounds are available to mitigate the vulnerability.",Cisco,Cisco Catalyst Sd-wan Manager,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T15:56:13.890Z,0
CVE-2021-1234,https://securityvulnerability.io/vulnerability/CVE-2021-1234,Cisco SD-WAN vManage Software Vulnerability,"A vulnerability exists in the cluster management interface of Cisco SD-WAN vManage Software, potentially enabling remote attackers to access sensitive information without authentication. This issue arises from the lack of proper authentication mechanisms within the cluster management interface, specifically when the software operates in cluster mode. By sending specially crafted requests, an attacker may retrieve confidential data, posing significant security risks to the affected systems. Cisco has made software updates available to rectify this issue, and it is critical to apply these updates as there are currently no effective workarounds to mitigate the risk.",Cisco,Cisco Catalyst Sd-wan Manager,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-18T15:45:40.772Z,0
CVE-2021-1232,https://securityvulnerability.io/vulnerability/CVE-2021-1232,Cisco SD-WAN vManage Software Vulnerability Could Allow Remote Access to Sensitive Information,"A vulnerability exists in the web-based management interface of Cisco SD-WAN vManage Software, which may allow an authenticated remote attacker to read arbitrary files on the system's filesystem. This issue arises from inadequate access control that permits unauthorized access to sensitive information stored on the affected systems. By exploiting this vulnerability, an attacker can gain unauthorized visibility into files and potentially access devices and other critical network management systems that should remain secure. Remedies are available through software updates provided by Cisco, and no workaround is effective against this vulnerability.",Cisco,Cisco Catalyst Sd-wan Manager,6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-11-18T15:40:17.633Z,0
CVE-2021-1461,https://securityvulnerability.io/vulnerability/CVE-2021-1461,Vulnerability in Image Signature Verification Feature Could Allow Attackers to Install Malware,"A vulnerability exists in the Image Signature Verification feature of Cisco SD-WAN Software, enabling an authenticated remote attacker with Administrator-level credentials to exploit this flaw. The root cause of the issue is the improper verification of digital signatures for software patch images. This manipulation allows an attacker to create an unsigned software patch that can bypass the necessary signature checks, leading to the potential installation of a malicious software patch image on the affected device. As a result, successful exploitation could permit unauthorized actions on the system unless addressed through the software updates provided by Cisco, as there are no viable workarounds for this security flaw.",Cisco,"Cisco Catalyst Sd-wan Manager,Cisco Sd-wan Vedge Router",4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T15:33:06.681Z,0
CVE-2021-1462,https://securityvulnerability.io/vulnerability/CVE-2021-1462,Cisco SD-WAN vManage Software Vulnerability Allows Elevation of Privileges,"A security vulnerability affecting the Command Line Interface (CLI) of Cisco SD-WAN vManage Software allows an authenticated local attacker to exploit the system by elevating their privileges. This issue arises from improper privilege assignment within the software. An attacker with a valid Administrator account can log into the affected system, create a malicious file, and subsequently trigger the system to parse this file during future operations. This could lead to the attacker obtaining root privileges, significantly compromising the security of the affected system. Cisco has issued software updates to mitigate this vulnerability, and no alternative workarounds are available.",Cisco,Cisco Catalyst Sd-wan Manager,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T15:30:12.049Z,0
CVE-2021-1465,https://securityvulnerability.io/vulnerability/CVE-2021-1465,Cisco SD-WAN vManage Software Vulnerability Allows Directory Traversal and Sensitive File Access,"A vulnerability exists in the web-based management interface of Cisco SD-WAN vManage Software, allowing an authenticated remote attacker to exploit insufficient validation of HTTP requests. By sending specifically crafted HTTP requests that include directory traversal character sequences, an attacker could navigate through the file system and gain unauthorized read access to sensitive files on the affected system. This vulnerability highlights the critical need for reinforced security measures in web management interfaces to prevent unauthorized file access and potential system compromise.",Cisco,Cisco Catalyst Sd-wan Manager,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T15:26:13.298Z,0
CVE-2021-1466,https://securityvulnerability.io/vulnerability/CVE-2021-1466,Cisco SD-WAN vManage Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the vDaemon service associated with Cisco's SD-WAN vManage Software allows an authenticated local attacker to exploit a buffer overflow condition. This issue arises from incomplete bounds checks on the data provided to the vDaemon service. By sending specially crafted malicious data to the vDaemon listening service, an attacker can induce a failure in the service, leading to a denial of service (DoS) state. Cisco has issued software updates to remediate this vulnerability, and there are currently no alternative workarounds available.",Cisco,Cisco Catalyst Sd-wan Manager,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T17:04:35.138Z,0
CVE-2021-1470,https://securityvulnerability.io/vulnerability/CVE-2021-1470,Cisco SD-WAN vManage Software Vulnerability: SQL Injection Attacks Possible,"A vulnerability exists in the web-based management interface of Cisco's SD-WAN vManage Software, allowing authenticated remote attackers to perform SQL injection attacks. This vulnerability stems from inadequate input validation for SQL queries. By authenticating to the application, attackers can send crafted SQL queries, potentially leading to unauthorized access to modify or retrieve information from the vManage database or the operating system beneath it. Cisco recommends applying the released software updates to mitigate this issue, as no workarounds effectively address the vulnerability.",Cisco,Cisco Catalyst Sd-wan Manager,4.9,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-11-15T16:38:56.058Z,0
CVE-2021-1481,https://securityvulnerability.io/vulnerability/CVE-2021-1481,Cisco SD-WAN vManage Software Vulnerability Could Lead to Sensitive Information Theft,"A vulnerability exists in the web-based management interface of Cisco SD-WAN vManage Software, allowing an authenticated remote attacker to execute Cypher query language injection attacks. This issue arises from inadequate input validation within the interface. An attacker can exploit this vulnerability by sending specially crafted HTTP requests to the management interface of an affected system, potentially gaining access to sensitive information. Cisco has issued software updates to mitigate this vulnerability, with no alternative workarounds available.",Cisco,Cisco Catalyst Sd-wan Manager,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-15T16:37:23.188Z,0
CVE-2021-1482,https://securityvulnerability.io/vulnerability/CVE-2021-1482,Cisco SD-WAN vManage Software Vulnerability Could Lead to Sensitive Information Access,"A vulnerabilities exists in the web-based management interface of Cisco SD-WAN vManage Software, which can be exploited by an authenticated remote attacker. This vulnerability arises from inadequate authorization checks that allow attackers to send specially crafted HTTP requests to the management interface. Successful exploitation enables attackers to bypass necessary authorization and obtain sensitive information from the system. To mitigate this issue, Cisco has issued software updates, with no alternative workarounds available for affected systems.",Cisco,Cisco Catalyst Sd-wan Manager,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-15T16:36:11.822Z,0
CVE-2021-1464,https://securityvulnerability.io/vulnerability/CVE-2021-1464,Cisco SD-WAN vManage Software Vulnerability Allows Bypass of Authorization Checking,"A vulnerability in Cisco SD-WAN vManage Software enables an authenticated, remote attacker to bypass authorization checks, potentially granting them restricted access to configuration information on the affected system. This issue arises from inadequate input validation for certain commands. An attacker may exploit this vulnerability by crafting specific requests directed at the vulnerable commands. If successful, the exploit allows unauthorized access to sensitive configuration data, exposing the system to further risks. Cisco has addressed this vulnerability through software updates, and no workarounds are available.",Cisco,Cisco Catalyst Sd-wan Manager,5,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2024-11-15T16:32:20.193Z,0
CVE-2021-1483,https://securityvulnerability.io/vulnerability/CVE-2021-1483,Cisco SD-WAN vManage Software Vulnerability,"A security flaw in the web UI of Cisco SD-WAN vManage Software could allow an authenticated remote attacker to manipulate and access sensitive information stored on the system. This vulnerability arises from the improper handling of XML External Entity (XXE) inputs when the software parses certain XML files. Attackers could exploit this weakness by convincing a user to import a specially crafted XML file containing malicious entries. If successfully exploited, this vulnerability could enable the attacker to obtain and modify files within the affected application. Cisco has promptly issued software updates to rectify this issue; however, no alternative workarounds are available to mitigate the risk.",Cisco,Cisco Catalyst Sd-wan Manager,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-11-15T16:27:43.715Z,0
CVE-2021-1484,https://securityvulnerability.io/vulnerability/CVE-2021-1484,Cisco SD-WAN vManage Software Vulnerability Could Lead to Denial of Service,"A vulnerability in the web UI of Cisco SD-WAN vManage Software enables an authenticated, remote attacker to inject arbitrary commands into the device template configuration. This issue arises from improper input validation of user-supplied data. By exploiting this weakness through crafted input, an attacker can potentially induce a denial of service condition on the impacted system, disrupting service availability. Cisco has released software updates to remediate this vulnerability, with no alternative workarounds available.",Cisco,Cisco Catalyst Sd-wan Manager,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-15T16:26:12.341Z,0
CVE-2021-1491,https://securityvulnerability.io/vulnerability/CVE-2021-1491,Cisco SD-WAN vManage Software Vulnerability,"A vulnerability exists within the web-based management interface of Cisco SD-WAN vManage Software, which permits an authenticated remote attacker to read arbitrary files situated on the device's underlying file system. This flaw stems from inadequate file scope restrictions that enable potential exploitation by referencing specific files in the system. Through the management interface, an attacker can successfully access these files, leading to unauthorized information disclosure. Cisco has issued software updates to rectify this issue. Unfortunately, there are no current workarounds available to mitigate this vulnerability.",Cisco,Cisco Catalyst Sd-wan Manager,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T16:25:02.254Z,0
CVE-2022-20655,https://securityvulnerability.io/vulnerability/CVE-2022-20655,Command Injection Vulnerability in ConfD Could Allow Authenticated Attacker to Execute Arbitrary Commands with Root Privileges,"An issue within the command line interface (CLI) implementation in Cisco's ConfD can allow authenticated, local attackers to conduct command injection attacks. This vulnerability stems from insufficient validation of process arguments, enabling an attacker to inject malicious commands during execution. Successfully exploiting this vulnerability can lead to the execution of arbitrary commands on the underlying operating system with the same privileges as ConfD, often equivalent to root access, thereby posing severe risks to system security and integrity.",Cisco,"Cisco iOS Xr Software,Cisco Virtual Topology System (vts),Cisco Network Services Orchestrator,Cisco Enterprise Nfv Infrastructure Software,Cisco Catalyst Sd-wan,Cisco Catalyst Sd-wan Manager,Cisco iOS Xe Catalyst Sd-wan,Cisco Sd-wan Vedge Router,Cisco Ultra Gateway Platform,Cisco Carrier Packet Transport",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:56:42.927Z,0
CVE-2024-20475,https://securityvulnerability.io/vulnerability/CVE-2024-20475,Cisco Catalyst SD-WAN Manager Vulnerable to Cross-Site Scripting Attacks,"A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.",Cisco,Catalyst Sd-wan Manager,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-25T17:15:00.000Z,0