3 matches found
CVE-2020-26064
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...
CVE-2020-26064
CVE-2020-26064 is a Cisco SD-WAN vManage XXE vulnerability. The issue arises from improper handling of XML External Entity entries when parsing certain XML files, allowing an authenticated, remote attacker to read and write files on the affected system after tricking a user into importing a craft...
Cisco SD-WAN vManage Software XXE (cisco-sa-vmanx2-KpFVSUc)
According to its self-reported version, Cisco SD-WAN vManage is affected by an XML external entity XXE vulnerability due to an issue parsing certain XML files. An authenticated, remote attacker can exploit this, by persuading a user to import a crafted XML file with malicious entries, to gain rea...