Andrew Kim

**Name of the Vulnerable Software and Affected Versions** Cisco Catalyst SD-WAN Manager (affected versions not specified) **Description** A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. The attacker must have valid read-only credentials with CLI access on the affected system. This issue is due to improper access controls on files that are on the local file system. An attacker could exploit this by running a series of crafted commands, potentially gaining privileges of the root user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Catalyst SD-WAN Manager (affected versions not specified) **Description** A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This issue is due to insufficient input validation, allowing an attacker with read-only privileges to exploit the vulnerability by sending a crafted request to the CLI. A successful exploit could allow the attacker to gain root privileges on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Intersight Virtual Appliance (affected versions not specified) **Description** A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands, which could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands, which could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands. These vulnerabilities could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. The vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco SD-WAN vManage Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) (affected versions not specified) **Description** The issue is related to insufficient access control in the Common Execution Environment (CEE) ConfD CLI, which could allow an authenticated, local attacker to escalate privileges on an affected device. An attacker could exploit this by authenticating as a CEE ConfD CLI user and executing a specific CLI command, potentially accessing privileged containers with root privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco SD-WAN vManage Software (affected versions not specified) **Description** The issue is related to insufficient authorization checks in the web-based messaging service interface of Cisco SD-WAN vManage Software. This could allow an unauthenticated, adjacent attacker to bypass authentication and authorization, and modify the configuration of an affected system by sending crafted HTTP requests to the web-based messaging service interface. A successful exploit could allow the attacker to gain unauthenticated read and write access to the affected vManage system, access information about the system, modify its configuration, or make configuration changes to devices managed by the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco IOS XE SD-WAN Software (affected versions not specified) **Description** A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The commands are then executed on the device by the root user. A successful exploit could allow the attacker to execute arbitrary commands as the root user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco SD-WAN vBond Orchestrator versions (affected versions not specified) Cisco SD-WAN vEdge Cloud Routers versions (affected versions not specified) Cisco SD-WAN vEdge Routers versions (affected versions not specified) Cisco SD-WAN vSmart Controller versions (affected versions not specified) Cisco SD-WAN vManage versions (affected versions not specified) **Description** The issue exists due to insufficient input validation in the symbolic link creation function of the Cisco SD-WAN software. This could allow a remote attacker to cause a denial of service. Multiple vulnerabilities in Cisco SD-WAN products may allow an unauthenticated, remote attacker to execute denial of service attacks against an affected device. **Recommendations** For Cisco SD-WAN vBond Orchestrator, update to a version that includes the fix for this issue. For Cisco SD-WAN vEdge Cloud Routers, update to a version that includes the fix for this issue. For Cisco SD-WAN vEdge Routers, update to a version that includes the fix for this issue. For Cisco SD-WAN vSmart Controller, update to a version that includes the fix for this issue. For Cisco SD-WAN vManage, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the affected devices until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cisco SD-WAN products (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in Cisco SD-WAN products that could allow an authenticated attacker to perform command injection attacks against an affected device. This could enable the attacker to take certain actions with root privileges on the device. Specifically, the vulnerability in the vAnalytics function of the Cisco SD-WAN solution is related to insufficient input validation, which could allow a remote attacker to impact data integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.