cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1438,https://securityvulnerability.io/vulnerability/CVE-2021-1438,Cisco Wide Area Application Services Software Information Disclosure Vulnerability,"A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.",Cisco,Cisco Wide Area Application Services (waas),5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T17:15:56.000Z,,false,false,,2021-05-06T13:15:00.000Z,0
CVE-2020-3446,https://securityvulnerability.io/vulnerability/CVE-2020-3446,Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability,"A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges.",Cisco,Cisco Wide Area Application Services (waas),9.8,CRITICAL,0.004900000058114529,false,,false,false,true,2024-08-04T08:16:40.000Z,,false,false,,2020-08-26T17:15:00.000Z,0
CVE-2019-1876,https://securityvulnerability.io/vulnerability/CVE-2019-1876,Cisco Wide Area Application Services Software HTTPS Proxy Authentication Bypass Vulnerability,"A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.",Cisco,Cisco Wide Area Application Services (waas),4,MEDIUM,0.0008099999977275729,false,,false,false,true,2024-08-04T19:16:15.000Z,,false,false,,2019-06-20T03:15:00.000Z,0
CVE-2016-6437,https://securityvulnerability.io/vulnerability/CVE-2016-6437,,"A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32).",Cisco,Cisco Wide Area Application Services (waas) Before 5.3(5g)1 And 6.x Before 6.2(2.32),5.9,MEDIUM,0.005630000028759241,false,,false,false,false,,,false,false,,2016-10-27T21:00:00.000Z,0