A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker with read-only privileges on the SD-WAN Manager system could exploit this vulnerability by sending a crafted request to the CLI of the SD-WAN Manager. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCisco Catalyst Sd Wan Manager
APPCisco17.2.1017.2.417.2.517.2.617.2.717.2.817.2.918.2.018.3.018.3.118.3.1.118.3.318.3.3.118.3.418.3.5+ 85 więcej
Related vulnerabilities
Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym
Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień
Pominięcie uwierzytelnienia w API Cisco Catalyst SD-WAN Manager
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Softwar...
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software cou...