First published: Thu Jul 16 2020
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco SD-WAN Firmware | <=18.3.0 | |
Cisco SD-WAN Firmware | >=18.4.0 <19.2.3 | |
Cisco SD-WAN Firmware | >=19.3.0 <=20.1 | |
Cisco 1100-4g Integrated Services Router | | |
Cisco 1100-4gltegb Integrated Services Router | | |
Cisco 1100-4gltena Integrated Services Router | | |
Cisco 1100-6g Integrated Services Router | | |
The vulnerability ID is CVE-2020-3381.
The severity of CVE-2020-3381 is high with a severity value of 8.8.
The affected software is Cisco SD-WAN vManage Software with versions up to 18.3.0, between 18.4.0 and 19.2.3, and between 19.3.0 and 20.1.
An attacker can exploit CVE-2020-3381 by conducting directory traversal attacks and obtaining read and write access to sensitive files on a targeted system.
Yes, Cisco has released a security advisory with fixes and mitigations for CVE-2020-3381. Please refer to the Cisco Security Advisory for more information.