CVE-2020-26073

Path Traversal: '.../...//' (CWE-35)

Published: Nov 18, 2024 / Updated: 1d ago

CVSS 7.5 (High). No EPSS yet.

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2020-26073.

Nov 4, 2020 at 4:03 PM / tools.cisco.com

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 18, 2024 at 4:05 PM

CVE Assignment

NVD published the first details for CVE-2020-26073

Nov 18, 2024 at 4:15 PM

CVSS

A CVSS base score of 7.5 has been assigned.

Nov 18, 2024 at 4:20 PM / nvd

Affected Systems

Cisco/sd-wan_vmanage

News

CVE-2020-26073 | Cisco Catalyst SD-WAN Manager up to 20.3.1 Application Data Endpoint path traversal (cisco-sa-vman-traversal-hQh24tmk)
A vulnerability was found in Cisco Catalyst SD-WAN Manager. It has been rated as problematic. This issue affects some unknown processing of the component Application Data Endpoint. The manipulation leads to path traversal: '.../...//'. The identification of this vulnerability is CVE-2020-26073. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
Cisco SD-WAN vManage Directory Traversal Vulnerability

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
