CVE-2020-4000 — Path Traversal in Vmware Sd-wan Orchestrator

CWE-22 — Path Traversal CWE-284 — Improper Access Control CWE-601 — Open Redirect13 documents11 sources

Severity

8.8HIGHNVD

EPSS

29.9%

top 3.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Sd-wan Orchestrator

Timeline

PublishedNov 24

Latest updateMay 24

Description

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDvmware/sd-wan_orchestrator3.4.0 — 3.4.4+2

🔴Vulnerability Details

GHSA

GHSA-hqcj-mm82-w3pc: The SD-WAN Orchestrator 3↗2022-05-24

▶

CVEList

CVE-2020-4000: The SD-WAN Orchestrator 3↗2020-11-24

▶

💥Exploits & PoCs

Exploit-DB

Cayin Signage Media Player 3.0 - Remote Command Injection (root)↗2020-06-04

▶

🔍Detection Rules

Suricata

ET EXPLOIT VMware SD-WAN Orchestrator Path Traversal (CVE-2020-4000)↗2022-02-04

▶

📋Vendor Advisories

CVE-2020-5947: In versions 16↗2020-11-19

▶

VMware

VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002 ,CVE-2020-4003)↗2020-11-18

▶

Cisco

Cisco IOS XE ROM Monitor Software Vulnerability↗2020-09-24

▶

Oracle

Oracle Oracle Supply Chain Risk Matrix: Middle Tier (jython) — CVE-2016-4000↗2020-07-15

▶

Red Hat

macaron: open redirect in the static handler↗2020-05-06

▶

💬Community

Bugzilla

CVE-2020-12666 macaron: open redirect in the static handler↗2020-06-23

▶