XML External Entity Processing Issue in Cisco SD-WAN vManage Software
CVE-2020-26064

6.5 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 4 August 2023

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the web UI of Cisco SD-WAN vManage Software that may enable an authenticated attacker to gain unauthorized read and write access to sensitive data stored on the affected system. This arises from improper handling of XML External Entity (XXE) entries when the software parses certain XML files. Exploitation involves convincing a user to import a maliciously crafted XML file, leading to unauthorized data manipulation within the application.
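As an added illustration of the defensive side of this weakness class (not Cisco's code and not a description of the vendor fix), the following Python check screens an XML file before import and rejects any document that declares a DOCTYPE or entities. The function names and the sample documents are constructed for this example.

```python
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when an imported document is malformed or declares a DTD/entities."""


def check_import_xml(data: bytes) -> None:
    """Walk the document with expat and raise at the first DTD construct,
    before any entity could be resolved."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE declaration not allowed (root {name!r})")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration not allowed ({name!r})")

    def on_external_ref(context, base, sysid, pubid):
        raise UnsafeXML(f"external entity reference not allowed ({sysid!r})")

    # Exceptions raised inside handlers propagate out of Parse().
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXML(f"not well-formed: {exc}") from exc


def screen_import_xml(data: bytes):
    """Return None if the file may be imported, else the rejection reason."""
    try:
        check_import_xml(data)
    except UnsafeXML as exc:
        return str(exc)
    return None


# Constructed sample inputs (hypothetical element names and placeholder URI).
BENIGN = b'<?xml version="1.0"?><template><name>branch-01</name></template>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE template [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
            b'<template><name>&ext;</name></template>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("with DTD", WITH_DTD)):
        print(label, "->", screen_import_xml(doc) or "accepted")
```

Rejecting every DOCTYPE is stricter than disabling external entity resolution alone, and suits import formats that have no legitimate need for a DTD.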

Affected Version(s)

Cisco SD-WAN vManage 17.2.6

Cisco SD-WAN vManage 17.2.7

Cisco SD-WAN vManage 17.2.8

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved