Yaar Hahn

**Name of the Vulnerable Software and Affected Versions** Cisco SD-WAN vManage Software (affected versions not specified) **Description** The issue is related to improper validation of requests to APIs within the application data endpoints, allowing an authenticated, remote attacker to write arbitrary files to an affected system. This could enable directory traversal attacks, permitting the attacker to write files to any location on the targeted system. The vulnerability is also associated with incorrect restriction of a directory path name with limited access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco SD-WAN vManage Software (affected versions not specified) **Description** The issue is related to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). This could allow an unauthenticated, remote attacker to gain access to sensitive information, including credentials or user tokens, by conducting directory traversal attacks. The attacker could exploit this by sending malicious requests to an API within the affected application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.