First published: Fri Nov 06 2020(Updated: )
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco SD-WAN | <20.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-27128.
The title of the vulnerability is 'A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system'.
The severity of CVE-2020-27128 is medium with a CVSS score of 6.5.
CVE-2020-27128 affects Cisco SD-WAN vManage Software by allowing an authenticated, remote attacker to write arbitrary files to an affected system.
The vulnerability can be exploited by sending improper requests to the APIs of Cisco SD-WAN vManage Software.