Skip to main content

Sd Wan Orchestrator

7 CVEs product

Monthly

CVE-2022-27506 LOW Monitor

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sd Wan 110 Firmware Sd Wan 210 Firmware Sd Wan 400 Firmware Sd Wan 410 Firmware +10
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2020-4003 MEDIUM This Month

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi VMware Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-4002 HIGH This Week

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Orchestrator
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-4001 CRITICAL Act Now

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Orchestrator
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-4000 HIGH This Week

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Sd Wan Orchestrator
NVD
CVSS 3.1
8.8
EPSS
43.0%
CVE-2020-3985 HIGH This Week

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Sd Wan Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-3984 MEDIUM This Month

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
22.4%
EPSS 1% CVSS 2.7
LOW Monitor

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sd Wan 110 Firmware Sd Wan 210 Firmware +12
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi VMware +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sd Wan Orchestrator
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Orchestrator
NVD
EPSS 43% CVSS 8.8
HIGH This Week

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Sd Wan Orchestrator
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Sd Wan Orchestrator
NVD
EPSS 22% CVSS 6.5
MEDIUM This Month

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sd Wan Orchestrator
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy