CVE-2020-27129: Argument Injection in Cisco SD-WAN vManage

CWE-88: Argument Injection
4 documents, 4 sources

Severity: 6.7 MEDIUM (NVD)
EPSS: 0.2% (top 62.21%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Nov 6
Latest update: May 24

Description

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and p

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-97vg-w35f-v8mj: A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary com (2022-05-24)
CVEList: Cisco SD-WAN vManage Software Command Injection Vulnerability (2020-11-06)

📋 Vendor Advisories (1)

Cisco: Cisco SD-WAN vManage Software Command Injection Vulnerability (2020-11-04)