Cisco SD-WAN Software Vulnerability Discovered
CVE-2020-26071

8.4HIGH

Key Information:

Vendor: Cisco
Status: Cisco Catalyst Sd-wan Manager; Cisco Sd-wan Vcontainer; Cisco Sd-wan Vedge Cloud; Cisco Sd-wan Vedge Router
Vendor: CVE Published:; 18 November 2024

Summary

A vulnerability has been identified in the Command Line Interface (CLI) of Cisco SD-WAN Software, allowing an authenticated local attacker to create or overwrite arbitrary files on the device. This situation arises from inadequate input validation for certain commands within the software. By injecting crafted arguments into these commands, an attacker could potentially disrupt the normal operation of the device, resulting in a denial of service condition. Cisco has addressed this issue in subsequent software updates, and there are no known workarounds to mitigate the risk. Users are advised to apply the latest updates to protect their systems.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Sep 24, 2020