Versions
20.9.3.0.4
20.6.3.2
20.6.3.1.1
20.4.1.0.1
18.4.4
20.9.3.0.24
20.6.5.1.10
20.7.1EFT2
19.2.1
18.3.0
18.4.6
20.6.3.0.5
20.6.2.2.7
20.9.4_LI_Images
20.6.3.0.33
20.6.6.0.1
20.9.3.0.12
18.3.3
20.3.2_928
17.2.5
18.2.0
20.9.3.0.25
20.6.5.1.7
20.6.3.0.27
20.6.5.1.11
20.9.5_LI_Images
20.3.3.1
20.4.1
20.10.1
18.3.8
20.9.4
18.3.4
20.9.3
20.6.1
20.12.2
20.9.2.3
20.6.2.1
20.9.5.1_LI_Images
20.6.3.0.18
19.0.1a
20.6.2.2.3
20.9.5.2_LI_Images
20.10.1.1
20.1.2
20.9.3_LI_ Images
19.2.098
18.4.5
20.6.5.1.14
20.9.4.1.1
20.11.1
20.12.1
20.9.3.0.26
20.6.3.0.2
20.9.2.2
20.6.4.1
20.3.3
20.6.5.2
20.6.3.0.25
20.6.2
20.1.1.1
19.2.3
20.6.1.2
19.1.0
20.7.1.0.2
20.12.3.1
20.6.3.0.29
18.3.6.1
20.6.3.0.40
20.3.2_937
20.12.1_LI_Images
20.10.1_LI_Images
18.3.1.1
20.4.1.1
20.14.1_LI_Images
17.2.7
20.6.5.1.5
20.9.5
20.6.3.0.39
20.6.3.0.47
20.11.1.2
19.2.099
18.4.1
20.6.3.3
20.1.2_937
20.6.3.0.10
19.2.4.0.1
18.4.3
20.12.3
20.6.2.2.2
20.7.1.1
20.6.3.0.23
20.6.1.0.1
17.2.9
20.13.1
20.12.3_LI_Images
18.3.6
19.2.2
20.10.1.2
20.7.1
20.9.4.1.3
20.6.2.0.4
17.2.8
20.11.1.1
20.6.5.2.3
20.6.2.2.4
20.11.1_LI_Images
17.2.6
18.4.303
20.6.5.2.4
20.6.3.4
18.3.1
19.2.097
20.6.7
20.12.2_LI_Images
20.6.3.0.11
19.0.0
20.12.4
19.2.31
17.2.4
20.6.3.0.19
17.2.10
18.4.0
20.7.2
20.3.1
18.4.302
20.9.3.0.18
20.9.3.0.21
18.3.7
20.1.1
20.6.5.1
20.9.4.0.4
20.9.4.1
20.9.1_LI_Images
20.6.2.2
20.3.2_925
19.2.32
20.9.4.1_LI_Images
18.4.501_ES
18.3.3.1
20.6.3
18.3.5
18.4.0.1
19.3.0
20.9.3.0.23
20.3.2
20.13.1_LI_Images
20.9.3.0.3
20.3.2_929
20.3.2.1_930
20.6.3.0.7
19.2.929
20.3.2.1_927
20.6.4.0.19
20.1.12
19.2.0
20.6.3.0.14
20.6.1.1
20.14.1
20.6.5.4
20.6.3.0.51
20.3.2.1
20.6.0.18.4
20.8.1
20.6.0.18.3
19.2.4
20.9.5.1
Recent CVEs
CVE-2020-26066
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2020-26073
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2020-26074
A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2021-1465
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system.
CVE-2021-1466
A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete bounds checks for data that is provided to the vDaemon service of an affected system. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could allow the attacker to cause the vDaemon listening service to reload and result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2021-1470
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the vManage database or the underlying operating system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
CVE-2021-1481
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2021-1464
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input validation for certain commands. An attacker could exploit this vulnerability by sending crafted requests to the affected commands of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain restricted access to the configuration data of the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2021-1483
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2021-1484
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper input validation of user-supplied input to the device template configuration. An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to cause a DoS condition on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.