Cisco SD-WAN vManage Software is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to web-based management interface, which could allow the malicious user to view, add, modify or delete information in the back-end database.