CVE-2020-26071

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Published: Nov 18, 2024
Updated: Nov 16, 2025
CVE: CVE-2020-26071
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.4
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
cisco / catalyst_sd-wan_manager	17.2.4	17.2.4.x
cisco / catalyst_sd-wan_manager	17.2.5	17.2.5.x
cisco / catalyst_sd-wan_manager	17.2.6	17.2.6.x
cisco / catalyst_sd-wan_manager	17.2.7	17.2.7.x
cisco / catalyst_sd-wan_manager	17.2.8	17.2.8.x
cisco / catalyst_sd-wan_manager	17.2.9	17.2.9.x
cisco / catalyst_sd-wan_manager	17.2.10	17.2.10.x
cisco / catalyst_sd-wan_manager	18.2.0	18.2.0.x
cisco / catalyst_sd-wan_manager	18.3.0	18.3.0.x
cisco / catalyst_sd-wan_manager	18.3.1	18.3.1.x
cisco / catalyst_sd-wan_manager	18.3.1.1	18.3.1.1.x
cisco / catalyst_sd-wan_manager	18.3.3	18.3.3.x
cisco / catalyst_sd-wan_manager	18.3.3.1	18.3.3.1.x
cisco / catalyst_sd-wan_manager	18.3.4	18.3.4.x
cisco / catalyst_sd-wan_manager	18.3.5	18.3.5.x
cisco / catalyst_sd-wan_manager	18.3.6	18.3.6.x
cisco / catalyst_sd-wan_manager	18.3.6.1	18.3.6.1.x
cisco / catalyst_sd-wan_manager	18.3.7	18.3.7.x
cisco / catalyst_sd-wan_manager	18.3.8	18.3.8.x
cisco / catalyst_sd-wan_manager	18.4.0	18.4.0.x
cisco / catalyst_sd-wan_manager	18.4.0.1	18.4.0.1.x
cisco / catalyst_sd-wan_manager	18.4.1	18.4.1.x
cisco / catalyst_sd-wan_manager	18.4.3	18.4.3.x
cisco / catalyst_sd-wan_manager	18.4.4	18.4.4.x
cisco / catalyst_sd-wan_manager	18.4.5	18.4.5.x
cisco / catalyst_sd-wan_manager	18.4.302	18.4.302.x
cisco / catalyst_sd-wan_manager	18.4.303	18.4.303.x
cisco / catalyst_sd-wan_manager	18.4.501_es	18.4.501_es.x
cisco / catalyst_sd-wan_manager	19.0.0	19.0.0.x
cisco / catalyst_sd-wan_manager	19.0.1a	19.0.1a.x
cisco / catalyst_sd-wan_manager	19.1.0	19.1.0.x
cisco / catalyst_sd-wan_manager	19.2.0	19.2.0.x
cisco / catalyst_sd-wan_manager	19.2.1	19.2.1.x
cisco / catalyst_sd-wan_manager	19.2.2	19.2.2.x
cisco / catalyst_sd-wan_manager	19.2.3	19.2.3.x
cisco / catalyst_sd-wan_manager	19.2.097	19.2.097.x
cisco / catalyst_sd-wan_manager	19.2.098	19.2.098.x
cisco / catalyst_sd-wan_manager	19.2.099	19.2.099.x
cisco / catalyst_sd-wan_manager	19.3.0	19.3.0.x
cisco / catalyst_sd-wan_manager	20.1.1	20.1.1.x
cisco / catalyst_sd-wan_manager	20.1.1.1	20.1.1.1.x
cisco / catalyst_sd-wan_manager	20.1.12	20.1.12.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns

Vulnerability Database

313,359

CVE-2020-26071

Deep Security Visibility Without the Complexity