Stefan Zaryn

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified) Description: The issue is related to errors in access control, which could allow an attacker to modify any user account. It may also enable an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco SD-WAN vManage Software (affected versions not specified) **Description** The issue is related to insufficient input validation by the web-based management interface, allowing an authenticated, remote attacker to conduct Cypher query language injection attacks. This could be achieved by sending crafted HTTP requests to the interface of an affected system, potentially resulting in the attacker obtaining sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.