Skip to main content
CVE-2020-3387 HIGH POC THREAT This Week

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Sd Wan Firmware
NVD
CVSS 3.1
8.8
EPSS
13.0%
CVE-2020-13405 HIGH POC PATCH THREAT This Week

userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
13.7%
CVE-2020-3381 HIGH This Week

A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Sd Wan Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-3332 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv110W Wireless N Vpn Firewall Firmware Rv130 Vpn Router Firmware Rv130W Wireless N Multifunction Vpn Router Firmware +1
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-3146 HIGH This Week

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv110W Wireless N Vpn Firewall Firmware Rv130 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-3145 HIGH This Week

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Rv110W Firmware Rv130 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3358 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Rv340 Dual Wan Gigabit Vpn Router Firmware Rv340W Dual Wan Gigabit Wireless Ac Vpn Router Firmware Rv345 Dual Wan Gigabit Vpn Router Firmware +1
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-3351 HIGH This Week

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sd Wan Firmware Vedge Cloud Router Vsmart Controller
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-4462 HIGH This Week

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
8.2
EPSS
3.2%
CVE-2020-3388 HIGH This Week

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Sd Wan Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3380 HIGH This Week

A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Data Center Network Manager
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-3379 HIGH This Week

A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Sd Wan Firmware Vbond Orchestrator Vsmart Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-3180 HIGH This Week

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12015 HIGH This Week

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Mc Works Mc Works32 Energy Analytix Facility Analytix +7
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-12009 HIGH This Week

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Mc Works Mc Works32 Energy Analytix Facility Analytix +7
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-3369 HIGH This Week

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sd Wan Firmware Vedge Cloud Router
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-3405 HIGH This Week

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE Sd Wan Firmware
NVD
CVSS 3.1
7.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy