CVE-2020-26073: Cisco SD-WAN vManage Directory Traversal Vulnerability
First published: Mon Nov 18 2024(Updated: )
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SD-WAN vManage |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf
Frequently Asked Questions
What is the severity of CVE-2020-26073?
CVE-2020-26073 is classified as a high severity vulnerability.
How do I fix CVE-2020-26073?
To fix CVE-2020-26073, apply the latest security patch released by Cisco for SD-WAN vManage Software.
Who is affected by CVE-2020-26073?
CVE-2020-26073 affects users of Cisco SD-WAN vManage Software that have not implemented the necessary security updates.
What is the impact of CVE-2020-26073?
The impact of CVE-2020-26073 allows an unauthenticated remote attacker to access sensitive information through improper validation of directory traversal sequences.
Is CVE-2020-26073 easy to exploit?
Yes, CVE-2020-26073 can be easily exploited by attackers due to the lack of authentication required.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco sd-wan vmanage