A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NCisco Catalyst Sd Wan Manager
APPCisco20.12.720.10 – 20.12.5.4 (bez)20.12.6 – 20.12.6.2 (bez)20.13 – 20.15.4.4 (bez)< 20.9.9.120.16 – 20.18.2.2 (bez)26.1 – 26.1.1.1 (bez)20.15.5 – 20.15.5.2 (bez)
Powiązane podatności
Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym
Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień
Pominięcie uwierzytelnienia w API Cisco Catalyst SD-WAN Manager
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Softwar...
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software cou...