CVE-2020-27128 — Path Traversal in Cisco Sd-wan

CWE-22 — Path Traversal5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

2.4%

top 15.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Sd-wan Cisco Sd-wan Vmanage

Timeline

PublishedNov 6

Latest updateMay 24

Description

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the tar…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_sd-wan_vmanagen/a

▶NVDcisco/sd-wan< 20.3.1

🔴Vulnerability Details

GHSA

GHSA-vgpq-9fqj-mrjr: A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary fi↗2022-05-24

▶

CVEList

Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability↗2020-11-06

▶

🔍Detection Rules

Suricata

ET EXPLOIT Cisco Viptela vManage Directory Traversal (CVE-2020-27128)↗2022-02-08

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability↗2020-11-04

▶