Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1619 | 1 Cisco | 146 Ios Xe, Ios Xe Sd-wan, Ios Xe Sd-wan 16.10.1 When Installed On 1000 Series Integrated Services and 143 more | 2022-07-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS. | |||||
| CVE-2021-34727 | 1 Cisco | 49 Asr 1000, Asr 1000-esp100, Asr 1000-x and 46 more | 2021-10-13 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition. | |||||
| CVE-2020-3375 | 1 Cisco | 2 Ios Xe Sd-wan, Sd-wan | 2021-08-06 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user. | |||||
| CVE-2021-1301 | 1 Cisco | 13 Ios Xe Sd-wan, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 10 more | 2021-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1300 | 1 Cisco | 13 Ios Xe Sd-wan, Sd-wan Firmware, Sd-wan Vbond Orchestrator and 10 more | 2021-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||