Directory Traversal Vulnerability in Cisco SD-WAN vManage Software
CVE-2020-26065

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Sd-wan Vmanage
Vendor: CVE Published:; 4 August 2023

Badges

👾 Exploit Exists

What is CVE-2020-26065?

A vulnerability exists in the web-based management interface of Cisco SD-WAN vManage Software, allowing an authenticated remote attacker to conduct path traversal attacks. This issue arises from inadequate validation of HTTP requests and could be exploited by sending a specifically crafted HTTP request containing directory traversal sequences. If successfully exploited, an attacker could gain unauthorized read access to sensitive files stored on the affected system.

Affected Version(s)

Cisco SD-WAN vManage 17.2.6

Cisco SD-WAN vManage 17.2.7

Cisco SD-WAN vManage 17.2.8

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Aug 4, 2023
Vulnerability Reserved
Sep 24, 2020