Cisco SD-WAN Software Vulnerability Discovered

CVE-2020-26071

8.4HIGH

Key Information

Vendor: Cisco
Status: Cisco Catalyst Sd-wan Manager; Cisco Sd-wan Vcontainer; Cisco Sd-wan Vedge Cloud; Cisco Sd-wan Vedge Router
Vendor: CVE Published:; 18 November 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Version(s)

Cisco Catalyst SD-WAN Manager = 20.1.12

Cisco Catalyst SD-WAN Manager = 19.2.1

Cisco Catalyst SD-WAN Manager = 18.4.4

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Nov 18, 2024
Vulnerability Reserved.
Sep 24, 2020
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database