CVE-2020-26074Execution with Unnecessary Privileges in Cisco Catalyst Sd-wan Manager

CWE-250Execution with Unnecessary Privileges4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 75.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Catalyst Sd-wan ManagerCisco Catalyst Sd-wan Manager
Timeline
PublishedNov 18

Description

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/catalyst_sd-wan_manager46 versions+45
CVEListV5cisco/cisco_catalyst_sd-wan_manager46 versions+45

🔴Vulnerability Details

2
GHSA
GHSA-9cj6-mqj9-659v: A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated priv2024-11-18
CVEList
Cisco SD-WAN vManage Privilege Escalation Vulnerability2024-11-18

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Software Privilege Escalation Vulnerability2020-11-04
CVE-2020-26074 — Execution with Unnecessary Privileges | cvebase