Cisco SD-WAN vManage Software Vulnerability - Escalated Privileges on Local Systems
CVE-2020-26074

7.8 HIGH

Key Information:

Vendor: Cisco
CVE Published: 18 November 2024

Summary

A local attacker with valid access can exploit a vulnerability in the system file transfer functions of Cisco SD-WAN vManage Software to achieve escalated privileges on the underlying operating system. This vulnerability arises from improper validation of path inputs for file transfer operations. An attacker may send specially crafted requests with malicious path variables to the system, potentially allowing them to overwrite arbitrary files. Such exploitation could enable the attacker to alter the system's behavior and gain higher privileges. Cisco has addressed this issue through software updates, and no workarounds are available to mitigate the vulnerability.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
