CVE-2020-26073

18.11.2024, 16:15

A vulnerability in the application data endpoints of Cisco&nbsp;SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cisco	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/RL:X/RC:X/E:X
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
cisco	catalyst_sd-wan_manager	17.2.4
cisco	catalyst_sd-wan_manager	17.2.5
cisco	catalyst_sd-wan_manager	17.2.6
cisco	catalyst_sd-wan_manager	17.2.7
cisco	catalyst_sd-wan_manager	17.2.8
cisco	catalyst_sd-wan_manager	17.2.9
cisco	catalyst_sd-wan_manager	17.2.10
cisco	catalyst_sd-wan_manager	18.2.0
cisco	catalyst_sd-wan_manager	18.3.0
cisco	catalyst_sd-wan_manager	18.3.1
cisco	catalyst_sd-wan_manager	18.3.1.1
cisco	catalyst_sd-wan_manager	18.3.3
cisco	catalyst_sd-wan_manager	18.3.3.1
cisco	catalyst_sd-wan_manager	18.3.4
cisco	catalyst_sd-wan_manager	18.3.5
cisco	catalyst_sd-wan_manager	18.3.6
cisco	catalyst_sd-wan_manager	18.3.6.1
cisco	catalyst_sd-wan_manager	18.3.7
cisco	catalyst_sd-wan_manager	18.3.8
cisco	catalyst_sd-wan_manager	18.4.0
cisco	catalyst_sd-wan_manager	18.4.0.1
cisco	catalyst_sd-wan_manager	18.4.1
cisco	catalyst_sd-wan_manager	18.4.3
cisco	catalyst_sd-wan_manager	18.4.4
cisco	catalyst_sd-wan_manager	18.4.5
cisco	catalyst_sd-wan_manager	18.4.302
cisco	catalyst_sd-wan_manager	18.4.303
cisco	catalyst_sd-wan_manager	18.4.501_es:_es
cisco	catalyst_sd-wan_manager	19.0.0
cisco	catalyst_sd-wan_manager	19.0.1a:a
cisco	catalyst_sd-wan_manager	19.1.0
cisco	catalyst_sd-wan_manager	19.2.0
cisco	catalyst_sd-wan_manager	19.2.1
cisco	catalyst_sd-wan_manager	19.2.2
cisco	catalyst_sd-wan_manager	19.2.3
cisco	catalyst_sd-wan_manager	19.2.31
cisco	catalyst_sd-wan_manager	19.2.097
cisco	catalyst_sd-wan_manager	19.2.098
cisco	catalyst_sd-wan_manager	19.2.099
cisco	catalyst_sd-wan_manager	19.2.929
cisco	catalyst_sd-wan_manager	19.3.0
cisco	catalyst_sd-wan_manager	20.1.1
cisco	catalyst_sd-wan_manager	20.1.1.1
cisco	catalyst_sd-wan_manager	20.1.2
cisco	catalyst_sd-wan_manager	20.1.12
cisco	catalyst_sd-wan_manager	20.3.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-35 - Path Traversal: '.../...//'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf