Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product 1100-4gltegb Integrated Services Router
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-3393 1 Cisco 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more 2024-02-28 7.2 HIGH 7.8 HIGH
A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability.
CVE-2020-3408 1 Cisco 129 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 126 more 2024-02-28 7.8 HIGH 8.6 HIGH
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVE-2020-3401 1 Cisco 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.
CVE-2020-3180 1 Cisco 13 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 10 more 2024-02-28 7.2 HIGH 7.8 HIGH
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges.
CVE-2020-3387 1 Cisco 5 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 2 more 2024-02-28 9.0 HIGH 8.8 HIGH
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute.
CVE-2020-3264 1 Cisco 15 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 12 more 2024-02-28 6.6 MEDIUM 7.1 HIGH
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.
CVE-2019-16012 1 Cisco 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more 2024-02-28 8.5 HIGH 8.1 HIGH
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system.
CVE-2020-3372 1 Cisco 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition.
CVE-2020-3265 1 Cisco 15 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 12 more 2024-02-28 7.2 HIGH 7.8 HIGH
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges.
CVE-2020-3381 1 Cisco 5 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 2 more 2024-02-28 6.5 MEDIUM 8.8 HIGH
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system.
CVE-2020-3388 1 Cisco 5 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 2 more 2024-02-28 7.2 HIGH 7.8 HIGH
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated to access the CLI. A successful exploit could allow the attacker to execute commands with root privileges.
CVE-2020-3378 1 Cisco 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.
CVE-2020-3266 1 Cisco 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more 2024-02-28 7.2 HIGH 7.8 HIGH
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
CVE-2019-16010 1 Cisco 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more 2024-02-28 3.5 LOW 4.8 MEDIUM
A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.