A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCisco Catalyst Sd Wan Manager
APPCisco20.11.1.220.9.3.2
Related vulnerabilities
Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym
Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień
Pominięcie uwierzytelnienia w API Cisco Catalyst SD-WAN Manager
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software cou...
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to e...