cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-26071,https://securityvulnerability.io/vulnerability/CVE-2020-26071,Cisco SD-WAN Software Vulnerability Discovered,"A vulnerability has been identified in the Command Line Interface (CLI) of Cisco SD-WAN Software, allowing an authenticated local attacker to create or overwrite arbitrary files on the device. This situation arises from inadequate input validation for certain commands within the software. By injecting crafted arguments into these commands, an attacker could potentially disrupt the normal operation of the device, resulting in a denial of service condition. Cisco has addressed this issue in subsequent software updates, and there are no known workarounds to mitigate the risk. Users are advised to apply the latest updates to protect their systems.",Cisco,"Cisco Catalyst Sd-wan Manager,Cisco Sd-wan Vcontainer,Cisco Sd-wan Vedge Cloud,Cisco Sd-wan Vedge Router",8.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T16:05:35.221Z,0
CVE-2021-1461,https://securityvulnerability.io/vulnerability/CVE-2021-1461,Vulnerability in Image Signature Verification Feature Could Allow Attackers to Install Malware,"A vulnerability exists in the Image Signature Verification feature of Cisco SD-WAN Software, enabling an authenticated remote attacker with Administrator-level credentials to exploit this flaw. The root cause of the issue is the improper verification of digital signatures for software patch images. This manipulation allows an attacker to create an unsigned software patch that can bypass the necessary signature checks, leading to the potential installation of a malicious software patch image on the affected device. As a result, successful exploitation could permit unauthorized actions on the system unless addressed through the software updates provided by Cisco, as there are no viable workarounds for this security flaw.",Cisco,"Cisco Catalyst Sd-wan Manager,Cisco Sd-wan Vedge Router",4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T15:33:06.681Z,0
CVE-2022-20655,https://securityvulnerability.io/vulnerability/CVE-2022-20655,Command Injection Vulnerability in ConfD Could Allow Authenticated Attacker to Execute Arbitrary Commands with Root Privileges,"An issue within the command line interface (CLI) implementation in Cisco's ConfD can allow authenticated, local attackers to conduct command injection attacks. This vulnerability stems from insufficient validation of process arguments, enabling an attacker to inject malicious commands during execution. Successfully exploiting this vulnerability can lead to the execution of arbitrary commands on the underlying operating system with the same privileges as ConfD, often equivalent to root access, thereby posing severe risks to system security and integrity.",Cisco,"Cisco iOS Xr Software,Cisco Virtual Topology System (vts),Cisco Network Services Orchestrator,Cisco Enterprise Nfv Infrastructure Software,Cisco Catalyst Sd-wan,Cisco Catalyst Sd-wan Manager,Cisco iOS Xe Catalyst Sd-wan,Cisco Sd-wan Vedge Router,Cisco Ultra Gateway Platform,Cisco Carrier Packet Transport",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T15:56:42.927Z,0
CVE-2022-20717,https://securityvulnerability.io/vulnerability/CVE-2022-20717,Cisco SD-WAN vEdge Routers Denial of Service Vulnerability,"A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.",Cisco,Cisco Sd-wan Vedge Router,5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T03:15:38.000Z,,false,false,,2022-04-15T15:15:00.000Z,0
CVE-2021-1509,https://securityvulnerability.io/vulnerability/CVE-2021-1509,Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities,"Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Sd-wan Vedge Router,7.5,HIGH,0.0010499999625608325,false,,false,false,true,2024-08-03T17:15:59.000Z,,false,false,,2021-05-06T13:15:00.000Z,0
CVE-2021-1510,https://securityvulnerability.io/vulnerability/CVE-2021-1510,Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities,"Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Sd-wan Vedge Router,7.5,HIGH,0.001230000052601099,false,,false,false,true,2024-08-03T17:15:59.000Z,,false,false,,2021-05-06T13:15:00.000Z,0
CVE-2021-1511,https://securityvulnerability.io/vulnerability/CVE-2021-1511,Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities,"Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Sd-wan Vedge Router,7.5,HIGH,0.0007999999797903001,false,,false,false,true,2024-08-03T17:15:59.000Z,,false,false,,2021-05-06T13:15:00.000Z,0
CVE-2020-3385,https://securityvulnerability.io/vulnerability/CVE-2020-3385,Cisco SD-WAN vEdge Routers Denial of Service Vulnerability,"A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted packets through an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition.",Cisco,Cisco Sd-wan Vedge Router,7.4,HIGH,0.0005799999926239252,false,,false,false,true,2024-08-04T08:16:38.000Z,,false,false,,2020-07-16T18:15:00.000Z,0
CVE-2020-3369,https://securityvulnerability.io/vulnerability/CVE-2020-3369,Cisco SD-WAN vEdge Routers Denial of Service Vulnerability,"A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.",Cisco,Cisco Sd-wan Vedge Router,8.6,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-04T08:16:37.000Z,,false,false,,2020-07-16T18:15:00.000Z,0