cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20655,https://securityvulnerability.io/vulnerability/CVE-2022-20655,Command Injection Vulnerability in ConfD Could Allow Authenticated Attacker to Execute Arbitrary Commands with Root Privileges,"An issue within the command line interface (CLI) implementation in Cisco's ConfD can allow authenticated, local attackers to conduct command injection attacks. This vulnerability stems from insufficient validation of process arguments, enabling an attacker to inject malicious commands during execution. Successfully exploiting this vulnerability can lead to the execution of arbitrary commands on the underlying operating system with the same privileges as ConfD, often equivalent to root access, thereby posing severe risks to system security and integrity.",Cisco,"Cisco iOS Xr Software,Cisco Virtual Topology System (vts),Cisco Network Services Orchestrator,Cisco Enterprise Nfv Infrastructure Software,Cisco Catalyst Sd-wan,Cisco Catalyst Sd-wan Manager,Cisco iOS Xe Catalyst Sd-wan,Cisco Sd-wan Vedge Router,Cisco Ultra Gateway Platform,Cisco Carrier Packet Transport",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:56:42.927Z,0
CVE-2021-1529,https://securityvulnerability.io/vulnerability/CVE-2021-1529,Cisco IOS XE SD-WAN Software Command Injection Vulnerability,"A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.",Cisco,Cisco iOS Xe Sd-wan Software,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-03T17:16:00.000Z,,false,false,,2021-10-21T03:15:00.000Z,0
CVE-2021-34727,https://securityvulnerability.io/vulnerability/CVE-2021-34727,Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability,"A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition.",Cisco,Cisco iOS Xe Sd-wan Software,9.8,CRITICAL,0.020479999482631683,false,,false,false,true,2024-08-04T02:15:21.000Z,,false,false,,2021-09-23T03:15:00.000Z,0
CVE-2021-34729,https://securityvulnerability.io/vulnerability/CVE-2021-34729,Cisco IOS XE SD-WAN Software Command Injection Vulnerability,"A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system. An attacker would need valid user credentials to exploit this vulnerability.",Cisco,Cisco iOS Xe Sd-wan Software,6.7,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T02:15:21.000Z,,false,false,,2021-09-23T03:15:00.000Z,0
CVE-2021-34725,https://securityvulnerability.io/vulnerability/CVE-2021-34725,Cisco IOS XE SD-WAN Software Command Injection Vulnerability,"A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.",Cisco,Cisco iOS Xe Sd-wan Software,6.7,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T02:15:21.000Z,,false,false,,2021-09-23T03:15:00.000Z,0
CVE-2021-1612,https://securityvulnerability.io/vulnerability/CVE-2021-1612,Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability,"A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.",Cisco,Cisco iOS Xe Sd-wan Software,5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T17:16:04.000Z,,false,false,,2021-09-23T03:15:00.000Z,0
CVE-2021-34724,https://securityvulnerability.io/vulnerability/CVE-2021-34724,Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerability,"A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the presence of a sensitive file in the bootflash directory on an affected device. An attacker could exploit this vulnerability by overwriting an installer file stored in the bootflash directory with arbitrary commands that can be executed with root-level privileges. A successful exploit could allow the attacker to read and write changes to the configuration database on the affected device.",Cisco,Cisco iOS Xe Sd-wan Software,6,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T02:15:21.000Z,,false,false,,2021-09-23T03:15:00.000Z,0
CVE-2020-3216,https://securityvulnerability.io/vulnerability/CVE-2020-3216,Cisco IOS XE SD-WAN Software Authentication Bypass Vulnerability,"A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.",Cisco,Cisco iOS Xe Sd-wan Software,6.8,MEDIUM,0.0006799999973736703,false,,false,false,true,2024-08-04T08:16:30.000Z,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2019-16011,https://securityvulnerability.io/vulnerability/CVE-2019-16011,Cisco IOS XE SD-WAN Software Command Injection Vulnerability,"A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.",Cisco,Cisco iOS Xe Sd-wan Software,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-05T02:15:47.000Z,,false,false,,2020-04-29T00:00:00.000Z,0
CVE-2019-1950,https://securityvulnerability.io/vulnerability/CVE-2019-1950,Cisco IOS XE SD-WAN Software Default Credentials Vulnerability,"A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier.",Cisco,Cisco iOS Xe Sd-wan Software,8.4,HIGH,0.0006699999794363976,false,,false,false,true,2024-08-04T19:16:20.000Z,,false,false,,2020-02-19T20:15:00.000Z,0