Cisco SD-WAN vManage Software Vulnerability Allows Directory Traversal and Sensitive File Access
CVE-2021-1465

4.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Catalyst Sd-wan Manager
Vendor: CVE Published:; 18 November 2024

Summary

A vulnerability exists in the web-based management interface of Cisco SD-WAN vManage Software, allowing an authenticated remote attacker to exploit insufficient validation of HTTP requests. By sending specifically crafted HTTP requests that include directory traversal character sequences, an attacker could navigate through the file system and gain unauthorized read access to sensitive files on the affected system. This vulnerability highlights the critical need for reinforced security measures in web management interfaces to prevent unauthorized file access and potential system compromise.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 17.2.6

Cisco Catalyst SD-WAN Manager 17.2.7

Cisco Catalyst SD-WAN Manager 17.2.8

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Nov 13, 2020