File Retrieval Vulnerability in Cisco Catalyst SD-WAN Manager
CVE-2023-20261

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco SD-WAN vManage
Vendor: CVE Published:; 18 October 2023

Summary

A vulnerability exists in the web UI of Cisco Catalyst SD-WAN Manager, which can be exploited by authenticated remote attackers to retrieve arbitrary files from the underlying Linux file system. This is due to insufficient validation of the parameters sent to the web interface, allowing attackers to issue specially crafted requests after logging in. Successful exploitation could lead to significant data exposure, underscoring the necessity for stringent access controls and regular security assessments.

Affected Version(s)

Cisco SD-WAN vManage 17.2.6

Cisco SD-WAN vManage 17.2.7

Cisco SD-WAN vManage 17.2.8

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2023
Vulnerability Reserved
Oct 27, 2022