CVE-2020-26064

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.

Published: Aug 4, 2023
Updated: Aug 10, 2023
CVE: CVE-2020-26064
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
cisco / catalyst_sd-wan_manager	17.2.6	17.2.6.x
cisco / catalyst_sd-wan_manager	17.2.7	17.2.7.x
cisco / catalyst_sd-wan_manager	17.2.5	17.2.5.x
cisco / catalyst_sd-wan_manager	18.3.1.1	18.3.1.1.x
cisco / catalyst_sd-wan_manager	18.3.3.1	18.3.3.1.x
cisco / catalyst_sd-wan_manager	18.3.3	18.3.3.x
cisco / catalyst_sd-wan_manager	18.3.1	18.3.1.x
cisco / catalyst_sd-wan_manager	18.3.0	18.3.0.x
cisco / catalyst_sd-wan_manager	18.4.0.1	18.4.0.1.x
cisco / catalyst_sd-wan_manager	18.4.3	18.4.3.x
cisco / catalyst_sd-wan_manager	18.4.0	18.4.0.x
cisco / catalyst_sd-wan_manager	18.4.1	18.4.1.x
cisco / catalyst_sd-wan_manager	19.2.0	19.2.0.x
cisco / catalyst_sd-wan_manager	19.2.097	19.2.097.x
cisco / catalyst_sd-wan_manager	19.2.31	19.2.31.x
cisco / catalyst_sd-wan_manager	19.2.929	19.2.929.x
cisco / catalyst_sd-wan_manager	20.1.1.1	20.1.1.1.x
cisco / catalyst_sd-wan_manager	20.1.12	20.1.12.x
cisco / catalyst_sd-wan_manager	20.3.1	20.3.1.x
cisco / catalyst_sd-wan_manager	17.2.8	17.2.8.x
cisco / catalyst_sd-wan_manager	17.2.9	17.2.9.x
cisco / catalyst_sd-wan_manager	17.2.10	17.2.10.x
cisco / catalyst_sd-wan_manager	17.2.4	17.2.4.x
cisco / catalyst_sd-wan_manager	18.3.4	18.3.4.x
cisco / catalyst_sd-wan_manager	18.3.5	18.3.5.x
cisco / catalyst_sd-wan_manager	18.3.7	18.3.7.x
cisco / catalyst_sd-wan_manager	18.3.8	18.3.8.x
cisco / catalyst_sd-wan_manager	18.3.6.1	18.3.6.1.x
cisco / catalyst_sd-wan_manager	18.4.302	18.4.302.x
cisco / catalyst_sd-wan_manager	18.4.303	18.4.303.x
cisco / catalyst_sd-wan_manager	18.4.4	18.4.4.x
cisco / catalyst_sd-wan_manager	18.4.5	18.4.5.x
cisco / catalyst_sd-wan_manager	19.2.099	19.2.099.x
cisco / catalyst_sd-wan_manager	19.2.1	19.2.1.x
cisco / catalyst_sd-wan_manager	19.2.2	19.2.2.x
cisco / catalyst_sd-wan_manager	19.2.3	19.2.3.x
cisco / catalyst_sd-wan_manager	20.1.1	20.1.1.x
cisco / catalyst_sd-wan_manager	19.3.0	19.3.0.x
cisco / catalyst_sd-wan_manager	19.1.0	19.1.0.x
cisco / catalyst_sd-wan_manager	18.2.0	18.2.0.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx2-KpFVSUc

Vulnerability Database

289,599

CVE-2020-26064