A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCisco Catalyst Sd Wan Manager
APPCisco20.1 – 20.1.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)20.3 – 20.3.1 (bez)Cisco Sd Wan Vbond Orchestrator
APPCisco< 18.320.5 – 20.5.1 (bez)20.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)Cisco Sd Wan Vmanage
APPCisco< 18.3Cisco Vedge 100
HWCiscowszystkie wersjeCisco Vedge 1000
HWCiscowszystkie wersjeCisco Vedge 1000 Firmware
OSCisco20.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.5 – 20.5.1 (bez)20.4 – 20.4.1 (bez)< 18.3Cisco Vedge 100b
HWCiscowszystkie wersjeCisco Vedge 100b
HWCiscowszystkie wersjeCisco Vedge 100b Firmware
OSCisco< 18.320.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)20.1 – 20.1.1 (bez)Cisco Vedge 100b Firmware
OSCisco20.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)< 18.3Cisco Vedge 100 Firmware
OSCisco20.4 – 20.4.1 (bez)< 18.320.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.5 – 20.5.1 (bez)Cisco Vedge 100m
HWCiscowszystkie wersjeCisco Vedge 100m Firmware
OSCisco20.1 – 20.1.1 (bez)< 18.320.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)Cisco Vedge 100wm
HWCiscowszystkie wersjeCisco Vedge 100wm Firmware
OSCisco20.4 – 20.4.1 (bez)< 18.320.5 – 20.5.1 (bez)20.3 – 20.3.1 (bez)20.1 – 20.1.1 (bez)Cisco Vedge 2000
HWCiscowszystkie wersjeCisco Vedge 2000 Firmware
OSCisco20.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)< 18.320.5 – 20.5.1 (bez)20.4 – 20.4.1 (bez)Cisco Vedge 5000
HWCiscowszystkie wersjeCisco Vedge 5000 Firmware
OSCisco20.4 – 20.4.1 (bez)< 18.320.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.5 – 20.5.1 (bez)Cisco Vedge Cloud
HWCiscowszystkie wersjeCisco Vedge Cloud Firmware
OSCisco< 18.320.1 – 20.1.1 (bez)20.3 – 20.3.1 (bez)20.4 – 20.4.1 (bez)20.5 – 20.5.1 (bez)Cisco Vsmart Controller
HWCiscowszystkie wersjeCisco Vsmart Controller Firmware
OSCisco20.5 – 20.5.1 (bez)20.4 – 20.4.1 (bez)20.3 – 20.3.1 (bez)20.1 – 20.1.1 (bez)< 18.3
Powiązane podatności
Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym
Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień
Pominięcie uwierzytelnienia w API Cisco Catalyst SD-WAN Manager
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Softwar...
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software cou...