Monthly
Cisco Catalyst SD-WAN Manager web UI fails to properly redact sensitive information in device configurations and templates, allowing authenticated users with read-only permissions to extract and leverage privileged credentials to escalate their access and modify system configurations. The vulnerability affects all versions of the product and requires only network access and valid (albeit minimal) read-only credentials; successful exploitation grants attackers high-privileged administrative capability over the SD-WAN fabric.
Privilege escalation in Cisco Catalyst SD-WAN Manager allows authenticated users with read-only permissions to elevate privileges to high-privileged user level through exposure of sensitive session information in audit logs. An attacker with initial read-only access can extract high-privilege session credentials from audit logs and impersonate an administrator, bypassing intended access controls. CVSS score 5.4 (medium) reflects the requirement for initial authentication, though the ease of escalation (AC:L) and direct path to administrative capability represent significant risk in multi-tenant or shared SD-WAN deployments.
Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. [CVSS 5.3 MEDIUM]
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.0.0 through 2.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cisco Catalyst SD-WAN Manager web UI fails to properly redact sensitive information in device configurations and templates, allowing authenticated users with read-only permissions to extract and leverage privileged credentials to escalate their access and modify system configurations. The vulnerability affects all versions of the product and requires only network access and valid (albeit minimal) read-only credentials; successful exploitation grants attackers high-privileged administrative capability over the SD-WAN fabric.
Privilege escalation in Cisco Catalyst SD-WAN Manager allows authenticated users with read-only permissions to elevate privileges to high-privileged user level through exposure of sensitive session information in audit logs. An attacker with initial read-only access can extract high-privilege session credentials from audit logs and impersonate an administrator, bypassing intended access controls. CVSS score 5.4 (medium) reflects the requirement for initial authentication, though the ease of escalation (AC:L) and direct path to administrative capability represent significant risk in multi-tenant or shared SD-WAN deployments.
Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. [CVSS 5.3 MEDIUM]
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server.0.0 through 2.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.