CVE-2020-3381

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description The issue is related to a lack of proper validation of files uploaded to an affected device, allowing an authenticated, remote attacker to conduct directory traversal attacks. This could provide read and write access to sensitive files on a targeted system. An attacker could exploit this by uploading a crafted file to an affected system, potentially allowing them to view or modify arbitrary files.

Recommendations For Cisco SD-WAN vManage Software, consider restricting access to the file upload feature until a proper fix is applied. As a temporary workaround, consider implementing additional validation for uploaded files to prevent directory traversal attacks. Avoid using the file upload feature in the web management interface until the issue is resolved.