Ios_xe_sd\-Wan - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ios_xe_sd\-Wan
(Cisco)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	22

Date	Id	Summary	Products	Score	Patch	Annotated
2021-09-23	CVE-2021-1619	A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by...	Ios_xe, Ios_xe_sd\-Wan, Ios_xe_sd\-Wan_16\.10\.1_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.1_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.1_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.10\.1_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.10\.2_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.2_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.2_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.10\.2_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.10\.3_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.3_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.3_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.10\.3_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.10\.3a_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.3a_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.3a_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.10\.3a_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.10\.3a_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.10\.3b_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.3b_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.3b_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.10\.3b_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.10\.3b_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.10\.4_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.4_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.4_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.10\.4_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.10\.4_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.10\.5_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.5_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.5_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.10\.5_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.10\.5_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.10\.6_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.6_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.10\.6_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.10\.6_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.10\.6_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.11\.1_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.11\.1_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.11\.1_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.11\.1_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.11\.1a_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.11\.1a_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.11\.1a_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.11\.1a_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.11\.1a_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.11\.1b_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.11\.1b_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.11\.1b_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.11\.1b_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.11\.1b_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.11\.1d_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.11\.1d_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.11\.1f_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.11\.1s_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.11\.1s_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.11\.1s_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.11\.1s_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.11\.1s_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.1_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.1_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.1_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.1_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.1a_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1a_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.1a_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1a_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.1a_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.1a_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.1b1_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1b1_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.1b1_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1b1_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.1b1_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.1b1_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.1b_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1b_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.1b_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1b_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.1b_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.1b_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.1c_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1c_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.1c_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1c_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.1c_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.1c_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.1d_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1d_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.1d_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1d_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.1d_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.1d_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.1e_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1e_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.1e_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.1e_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.1e_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.1e_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.2r_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.2r_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.2r_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.2r_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.2r_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.2r_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.3_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.3_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.3_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.3_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.3_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.3_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.4_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.4_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.4_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.4_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.4_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.4_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.4a_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.4a_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.4a_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.12\.5_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.5_when_installed_on_1100_series_industrial_integrated_services, Ios_xe_sd\-Wan_16\.12\.5_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.12\.5_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.12\.5_when_installed_on_cloud_services_router_1000v, Ios_xe_sd\-Wan_16\.12\.5_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.9\.1_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.9\.1_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.9\.1_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.9\.1_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.9\.2_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.9\.2_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.9\.2_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.9\.2_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.9\.3_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.9\.3_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.9\.3_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.9\.3_when_installed_on_integrated_services_virtual, Ios_xe_sd\-Wan_16\.9\.4_when_installed_on_1000_series_integrated_services, Ios_xe_sd\-Wan_16\.9\.4_when_installed_on_4000_series_integrated_services, Ios_xe_sd\-Wan_16\.9\.4_when_installed_on_asr_1000_series_aggregation_services, Ios_xe_sd\-Wan_16\.9\.4_when_installed_on_integrated_services_virtual	9.1
2021-09-23	CVE-2021-34724	A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the presence of a sensitive file in the bootflash directory on an affected device. An attacker could exploit this vulnerability by overwriting an...	Ios_xe_sd\-Wan	6.0
2021-09-23	CVE-2021-34725	A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the...	Ios_xe_sd\-Wan	6.7
2021-09-23	CVE-2021-34727	A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level...	Ios_xe_sd\-Wan	9.8
2021-09-23	CVE-2021-34729	A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands...	Ios_xe, Ios_xe_sd\-Wan	6.7
2021-10-21	CVE-2021-1529	A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.	Ios_xe, Ios_xe_sd\-Wan	7.8
2022-09-30	CVE-2022-20850	A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the...	Ios_xe_sd\-Wan, Sd\-Wan, Sd\-Wan_vbond_orchestrator, Sd\-Wan_vmanage, Sd\-Wan_vsmart_controller	7.1
2023-03-23	CVE-2023-20035	A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful...	Ios_xe_sd\-Wan	7.8
2021-01-20	CVE-2021-1300	Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	Catalyst_sd\-Wan_manager, Ios_xe_sd\-Wan, Sd\-Wan_firmware, Sd\-Wan_vbond_orchestrator, Sd\-Wan_vsmart_controller_firmware	9.8
2021-01-20	CVE-2021-1301	Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	Catalyst_sd\-Wan_manager, Ios_xe_sd\-Wan, Sd\-Wan_firmware, Sd\-Wan_vbond_orchestrator, Sd\-Wan_vsmart_controller_firmware	9.8