CVE-2020-3405

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description The issue is related to the improper restriction of XML external entity references in the web interface of Cisco SD-WAN vManage Software. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is due to the improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this by persuading a user to import a crafted XML file with malicious entries, potentially allowing the attacker to read and write files within the affected application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.