8.4
CVE-2020-26071
- EPSS 0.14%
- Veröffentlicht 18.11.2024 16:15:05
- Zuletzt bearbeitet 04.08.2025 14:42:24
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco SD-WAN vEdge Arbitrary File Creation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Catalyst Sd-wan Manager Version17.2.4
Cisco ≫ Catalyst Sd-wan Manager Version17.2.5
Cisco ≫ Catalyst Sd-wan Manager Version17.2.6
Cisco ≫ Catalyst Sd-wan Manager Version17.2.7
Cisco ≫ Catalyst Sd-wan Manager Version17.2.8
Cisco ≫ Catalyst Sd-wan Manager Version17.2.9
Cisco ≫ Catalyst Sd-wan Manager Version17.2.10
Cisco ≫ Catalyst Sd-wan Manager Version18.2.0
Cisco ≫ Catalyst Sd-wan Manager Version18.3.0
Cisco ≫ Catalyst Sd-wan Manager Version18.3.1
Cisco ≫ Catalyst Sd-wan Manager Version18.3.1.1
Cisco ≫ Catalyst Sd-wan Manager Version18.3.3
Cisco ≫ Catalyst Sd-wan Manager Version18.3.3.1
Cisco ≫ Catalyst Sd-wan Manager Version18.3.4
Cisco ≫ Catalyst Sd-wan Manager Version18.3.5
Cisco ≫ Catalyst Sd-wan Manager Version18.3.6
Cisco ≫ Catalyst Sd-wan Manager Version18.3.6.1
Cisco ≫ Catalyst Sd-wan Manager Version18.3.7
Cisco ≫ Catalyst Sd-wan Manager Version18.3.8
Cisco ≫ Catalyst Sd-wan Manager Version18.4.0
Cisco ≫ Catalyst Sd-wan Manager Version18.4.0.1
Cisco ≫ Catalyst Sd-wan Manager Version18.4.1
Cisco ≫ Catalyst Sd-wan Manager Version18.4.3
Cisco ≫ Catalyst Sd-wan Manager Version18.4.4
Cisco ≫ Catalyst Sd-wan Manager Version18.4.5
Cisco ≫ Catalyst Sd-wan Manager Version18.4.302
Cisco ≫ Catalyst Sd-wan Manager Version18.4.303
Cisco ≫ Catalyst Sd-wan Manager Version18.4.501_es
Cisco ≫ Catalyst Sd-wan Manager Version19.0.0
Cisco ≫ Catalyst Sd-wan Manager Version19.0.1a
Cisco ≫ Catalyst Sd-wan Manager Version19.1.0
Cisco ≫ Catalyst Sd-wan Manager Version19.2.0
Cisco ≫ Catalyst Sd-wan Manager Version19.2.1
Cisco ≫ Catalyst Sd-wan Manager Version19.2.2
Cisco ≫ Catalyst Sd-wan Manager Version19.2.3
Cisco ≫ Catalyst Sd-wan Manager Version19.2.097
Cisco ≫ Catalyst Sd-wan Manager Version19.2.098
Cisco ≫ Catalyst Sd-wan Manager Version19.2.099
Cisco ≫ Catalyst Sd-wan Manager Version19.3.0
Cisco ≫ Catalyst Sd-wan Manager Version20.1.1
Cisco ≫ Catalyst Sd-wan Manager Version20.1.1.1
Cisco ≫ Catalyst Sd-wan Manager Version20.1.12
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.335 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 8.4 | 2 | 5.8 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.