Skip to main content

Sd Wan Vmanage CVE-2020-27129

MEDIUM
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
2020-11-06 psirt@cisco.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 06, 2020 - 19:15 nvd
MEDIUM 6.7

DescriptionNVD

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges.

AnalysisAI

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-88. A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges. Affected products include: Cisco Sd-Wan Vmanage.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-1468 CRITICAL
9.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1479 CRITICAL
9.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2023-20214 CRITICAL
9.1 Aug 03

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow a

CVE-2021-1225 CRITICAL
9.1 Jan 20

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthent

CVE-2022-20696 HIGH
8.8 Sep 08

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated,

CVE-2021-1508 HIGH
8.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1505 HIGH
8.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1284 HIGH
8.8 May 06

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthentic

CVE-2022-20818 HIGH
7.8 Sep 30

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevat

CVE-2021-1514 HIGH
7.8 May 06

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary com

CVE-2021-1480 HIGH
7.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1137 HIGH
7.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

Share

CVE-2020-27129 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy