Lucene search

[email protected]NVD:CVE-2020-26064

HistoryAug 04, 2023 - 9:15 p.m.

CVE-2020-26064

2023-08-0421:15:09

CWE-611

[email protected]

web.nvd.nist.gov

cisco sd-wan

vmanage software

vulnerability

web ui

xml

exploit

remote attacker

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.
The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.

Affected configurations

NVD

Node

ciscocatalyst_sd-wan_managerMatch17.2.4

ciscocatalyst_sd-wan_managerMatch17.2.5

ciscocatalyst_sd-wan_managerMatch17.2.6

ciscocatalyst_sd-wan_managerMatch17.2.7

ciscocatalyst_sd-wan_managerMatch17.2.8

ciscocatalyst_sd-wan_managerMatch17.2.9

ciscocatalyst_sd-wan_managerMatch17.2.10

ciscocatalyst_sd-wan_managerMatch18.2.0

ciscocatalyst_sd-wan_managerMatch18.3.0

ciscocatalyst_sd-wan_managerMatch18.3.1

ciscocatalyst_sd-wan_managerMatch18.3.1.1

ciscocatalyst_sd-wan_managerMatch18.3.3

ciscocatalyst_sd-wan_managerMatch18.3.3.1

ciscocatalyst_sd-wan_managerMatch18.3.4

ciscocatalyst_sd-wan_managerMatch18.3.5

ciscocatalyst_sd-wan_managerMatch18.3.6.1

ciscocatalyst_sd-wan_managerMatch18.3.7

ciscocatalyst_sd-wan_managerMatch18.3.8

ciscocatalyst_sd-wan_managerMatch18.4.0

ciscocatalyst_sd-wan_managerMatch18.4.0.1

ciscocatalyst_sd-wan_managerMatch18.4.1

ciscocatalyst_sd-wan_managerMatch18.4.3

ciscocatalyst_sd-wan_managerMatch18.4.4

ciscocatalyst_sd-wan_managerMatch18.4.5

ciscocatalyst_sd-wan_managerMatch18.4.302

ciscocatalyst_sd-wan_managerMatch18.4.303

ciscocatalyst_sd-wan_managerMatch19.1.0

ciscocatalyst_sd-wan_managerMatch19.2.0

ciscocatalyst_sd-wan_managerMatch19.2.1

ciscocatalyst_sd-wan_managerMatch19.2.2

ciscocatalyst_sd-wan_managerMatch19.2.3

ciscocatalyst_sd-wan_managerMatch19.2.31

ciscocatalyst_sd-wan_managerMatch19.2.097

ciscocatalyst_sd-wan_managerMatch19.2.099

ciscocatalyst_sd-wan_managerMatch19.2.929

ciscocatalyst_sd-wan_managerMatch19.3.0

ciscocatalyst_sd-wan_managerMatch20.1.1

ciscocatalyst_sd-wan_managerMatch20.1.1.1

ciscocatalyst_sd-wan_managerMatch20.1.12

ciscocatalyst_sd-wan_managerMatch20.3.1

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx2-KpFVSUc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

Related for NVD:CVE-2020-26064

prion1 cvelist1 cisco1 nessus1 cve1