Versions
17.2.9
17.2.5
17.2.8
17.2.6
17.2.4
17.2.7
17.2.10
20.6.3.2
18.4.4
20.1.3
19.2.1
18.3.0
18.4.6
20.4.2.3
20.4.1.2
18.3.3
18.2.0
20.4.1
18.3.8
18.3.4
20.9.3
20.6.1
20.3.7.2
20.9.2.3
20.3.5
19.0.1a
20.3.5.1
20.6.4
20.1.3.1
20.9.2
20.3.4.3
20.1.2
19.2.098
18.4.5
20.9.2.2
20.6.4.1
20.3.3
20.6.5.2
20.6.2
20.6.5
20.3.4
19.2.3
20.3.7.1
20.6.1.2
19.1.0
20.6.5.3
20.4.1.1
19.2.099
18.4.1
20.6.3.3
18.4.3
18.3.6
19.2.2
20.7.1
20.9.1
19.1.01
20.7.1.2
18.4.303
20.5.1
20.3.7
18.3.1
19.2.097
19.0.0
19.2.31
20.7.2
18.4.0
20.3.1
18.4.302
20.3.8
20.1.1
20.4.2
18.3.7
20.6.5.1
20.9.3.1
19.2.32
20.6.3
18.3.5
20.3.6
19.3.0
20.3.2
19.2.929
20.1.12
19.2.0
20.1.11
20.6.5.4
20.3.3.2
20.8.1
19.2.4
Recent CVEs
CVE-2020-26071
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2021-1461
A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability.
CVE-2024-20496
A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system.