CVE-2020-26065

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.

Published: Aug 4, 2023
Updated: Aug 10, 2023
CVE: CVE-2020-26065
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
cisco / catalyst_sd-wan_manager	17.2.6	17.2.6.x
cisco / catalyst_sd-wan_manager	17.2.7	17.2.7.x
cisco / catalyst_sd-wan_manager	17.2.5	17.2.5.x
cisco / catalyst_sd-wan_manager	18.3.1.1	18.3.1.1.x
cisco / catalyst_sd-wan_manager	18.3.3.1	18.3.3.1.x
cisco / catalyst_sd-wan_manager	18.3.3	18.3.3.x
cisco / catalyst_sd-wan_manager	18.3.1	18.3.1.x
cisco / catalyst_sd-wan_manager	18.3.0	18.3.0.x
cisco / catalyst_sd-wan_manager	18.4.0.1	18.4.0.1.x
cisco / catalyst_sd-wan_manager	18.4.3	18.4.3.x
cisco / catalyst_sd-wan_manager	18.4.0	18.4.0.x
cisco / catalyst_sd-wan_manager	18.4.1	18.4.1.x
cisco / catalyst_sd-wan_manager	19.2.0	19.2.0.x
cisco / catalyst_sd-wan_manager	19.2.097	19.2.097.x
cisco / catalyst_sd-wan_manager	19.2.31	19.2.31.x
cisco / catalyst_sd-wan_manager	19.2.929	19.2.929.x
cisco / catalyst_sd-wan_manager	20.1.1.1	20.1.1.1.x
cisco / catalyst_sd-wan_manager	20.1.12	20.1.12.x
cisco / catalyst_sd-wan_manager	20.3.1	20.3.1.x
cisco / catalyst_sd-wan_manager	17.2.8	17.2.8.x
cisco / catalyst_sd-wan_manager	17.2.9	17.2.9.x
cisco / catalyst_sd-wan_manager	17.2.10	17.2.10.x
cisco / catalyst_sd-wan_manager	17.2.4	17.2.4.x
cisco / catalyst_sd-wan_manager	18.3.4	18.3.4.x
cisco / catalyst_sd-wan_manager	18.3.5	18.3.5.x
cisco / catalyst_sd-wan_manager	18.3.7	18.3.7.x
cisco / catalyst_sd-wan_manager	18.3.8	18.3.8.x
cisco / catalyst_sd-wan_manager	18.3.6.1	18.3.6.1.x
cisco / catalyst_sd-wan_manager	18.4.302	18.4.302.x
cisco / catalyst_sd-wan_manager	18.4.303	18.4.303.x
cisco / catalyst_sd-wan_manager	18.4.4	18.4.4.x
cisco / catalyst_sd-wan_manager	18.4.5	18.4.5.x
cisco / catalyst_sd-wan_manager	19.2.099	19.2.099.x
cisco / catalyst_sd-wan_manager	19.2.1	19.2.1.x
cisco / catalyst_sd-wan_manager	19.2.2	19.2.2.x
cisco / catalyst_sd-wan_manager	19.2.3	19.2.3.x
cisco / catalyst_sd-wan_manager	20.1.1	20.1.1.x
cisco / catalyst_sd-wan_manager	19.3.0	19.3.0.x
cisco / catalyst_sd-wan_manager	19.1.0	19.1.0.x
cisco / catalyst_sd-wan_manager	18.2.0	18.2.0.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanpt2-FqLuefsS

Vulnerability Database

289,599

CVE-2020-26065