CVE-2020-3381

CWE-22Path Traversal4 documents4 sources
Severity
8.8HIGH
EPSS
0.6%
top 29.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan FirmwareCisco Cisco Sd-wan Vmanage
Timeline
PublishedJul 16
Latest updateMay 24

Description

A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan_firmware18.4.019.2.3+2

🔴Vulnerability Details

2
GHSA
GHSA-xrg6-2px8-pv79: A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory tr2022-05-24
CVEList
Cisco SD-WAN vManage Software Directory Traversal Vulnerability2020-07-16

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Software Directory Traversal Vulnerability2020-07-15
CVE-2020-3381 (HIGH CVSS 8.8) | A vulnerability in the web manageme | cvebase.io