Aug 04, 2023 - 9:15 p.m.

CVE-2020-26065

2023-08-04 21:15:10
CWE-22
web.nvd.nist.gov
Tags: cve-2020-26065, cisco, sd-wan, vmanage, path traversal, http request, vulnerability, nvd, security vulnerability

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 23.9%)

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.
The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.

Affected configurations

NVD

Node (any of the following)
Vendor: cisco
Product: catalyst_sd-wan_manager
Match versions: 17.2.4, 17.2.5, 17.2.6, 17.2.7, 17.2.8, 17.2.9, 17.2.10, 18.2.0, 18.3.0, 18.3.1, 18.3.1.1, 18.3.3, 18.3.3.1, 18.3.4, 18.3.5, 18.3.6.1, 18.3.7, 18.3.8, 18.4.0, 18.4.0.1, 18.4.1, 18.4.3, 18.4.4, 18.4.5, 18.4.302, 18.4.303, 19.1.0, 19.2.0, 19.2.1, 19.2.2, 19.2.3, 19.2.31, 19.2.097, 19.2.099, 19.2.929, 19.3.0, 20.1.1, 20.1.1.1, 20.1.12, 20.3.1

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco SD-WAN vManage",
    "versions": [
      {
        "version": "17.2.6",
        "status": "affected"
      },
      {
        "version": "17.2.7",
        "status": "affected"
      },
      {
        "version": "17.2.8",
        "status": "affected"
      },
      {
        "version": "17.2.9",
        "status": "affected"
      },
      {
        "version": "17.2.10",
        "status": "affected"
      },
      {
        "version": "17.2.4",
        "status": "affected"
      },
      {
        "version": "17.2.5",
        "status": "affected"
      },
      {
        "version": "18.3.1.1",
        "status": "affected"
      },
      {
        "version": "18.3.3.1",
        "status": "affected"
      },
      {
        "version": "18.3.3",
        "status": "affected"
      },
      {
        "version": "18.3.4",
        "status": "affected"
      },
      {
        "version": "18.3.5",
        "status": "affected"
      },
      {
        "version": "18.3.7",
        "status": "affected"
      },
      {
        "version": "18.3.8",
        "status": "affected"
      },
      {
        "version": "18.3.6.1",
        "status": "affected"
      },
      {
        "version": "18.3.1",
        "status": "affected"
      },
      {
        "version": "18.3.0",
        "status": "affected"
      },
      {
        "version": "18.4.0.1",
        "status": "affected"
      },
      {
        "version": "18.4.3",
        "status": "affected"
      },
      {
        "version": "18.4.302",
        "status": "affected"
      },
      {
        "version": "18.4.303",
        "status": "affected"
      },
      {
        "version": "18.4.4",
        "status": "affected"
      },
      {
        "version": "18.4.5",
        "status": "affected"
      },
      {
        "version": "18.4.0",
        "status": "affected"
      },
      {
        "version": "18.4.1",
        "status": "affected"
      },
      {
        "version": "19.2.0",
        "status": "affected"
      },
      {
        "version": "19.2.097",
        "status": "affected"
      },
      {
        "version": "19.2.099",
        "status": "affected"
      },
      {
        "version": "19.2.1",
        "status": "affected"
      },
      {
        "version": "19.2.2",
        "status": "affected"
      },
      {
        "version": "19.2.3",
        "status": "affected"
      },
      {
        "version": "19.2.31",
        "status": "affected"
      },
      {
        "version": "19.2.929",
        "status": "affected"
      },
      {
        "version": "20.1.1.1",
        "status": "affected"
      },
      {
        "version": "20.1.12",
        "status": "affected"
      },
      {
        "version": "20.1.1",
        "status": "affected"
      },
      {
        "version": "19.3.0",
        "status": "affected"
      },
      {
        "version": "19.1.0",
        "status": "affected"
      },
      {
        "version": "18.2.0",
        "status": "affected"
      },
      {
        "version": "20.3.1",
        "status": "affected"
      }
    ]
  }
]
