Unauthorized Access to Sensitive Information via Directory Traversal
CVE-2020-26073
Summary
The application data endpoints of Cisco SD-WAN vManage Software are vulnerable due to improper validation of directory traversal character sequences. This vulnerability enables an unauthenticated, remote attacker to exploit application programming interfaces (APIs) by sending malicious requests. Successful exploitation could lead to directory traversal attacks, granting access to sensitive information such as credentials or user tokens. Cisco has issued software updates that mitigate this vulnerability, and there are no effective workarounds available.
Affected Version(s)
Cisco Catalyst SD-WAN Manager 20.1.12
Cisco Catalyst SD-WAN Manager 19.2.1
Cisco Catalyst SD-WAN Manager 18.4.4
References
EPSS Score
89% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved