Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-26073 - Path Traversal: '.../...//' in Cisco Catalyst SD-WAN Manager

Severity
7.5 HIGH (NVD)
EPSS
90.9%
top 0.37%
CISA KEV
Not in KEV
Exploit
PoC available
Timeline
Published: Nov 18

Description

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/catalyst_sd-wan_manager, 46 versions +45
CVEListV5: cisco/cisco_catalyst_sd-wan_manager, 46 versions +45

🔴 Vulnerability Details (3)

GHSA
GHSA-593h-gxfm-rj8p: A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to s (2024-11-18)
CVEList
Cisco SD-WAN vManage Directory Traversal Vulnerability (2024-11-18)
VulnCheck
Cisco SD-WAN vManage Software Directory Traversal Vulnerability (2020)

💥 Exploits & PoCs (1)

Nuclei
Cisco SD-WAN vManage Software - Local File Inclusion

🔍 Detection Rules (1)

Suricata
ET EXPLOIT Cisco SD-WAN vManage Software Directory Traversal (CVE-2020-26073) (2022-02-08)

📋 Vendor Advisories (1)

Cisco
Cisco SD-WAN vManage Software Directory Traversal Vulnerability (2020-11-04)