CVE-2020-26065 Vulnerability Details

  /     /     /  

CVE-2020-26065 Metadata Quick Info

CVE Published: 04/08/2023 | CVE Updated: 09/10/2024 | CVE Year: 2020
Source: cisco | Vendor: Cisco | Product: Cisco SD-WAN vManage
Status : PUBLISHED

---

CVE-2020-26065 Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-22
CWE Name: Improper Limitation of a Pathname to a Restricted Directory ( Path Traversal )
Source: Cisco

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).