Unauthorized Access to Sensitive Information via Directory Traversal
CVE-2020-26073

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Catalyst Sd-wan Manager
Vendor: CVE Published:; 18 November 2024

Summary

The application data endpoints of Cisco SD-WAN vManage Software are vulnerable due to improper validation of directory traversal character sequences. This vulnerability enables an unauthenticated, remote attacker to exploit application programming interfaces (APIs) by sending malicious requests. Successful exploitation could lead to directory traversal attacks, granting access to sensitive information such as credentials or user tokens. Cisco has issued software updates that mitigate this vulnerability, and there are no effective workarounds available.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Sep 24, 2020