CVE-2020-3437

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description The issue is related to a problem with the web-based management interface of Cisco SD-WAN vManage Software, where an incorrect link resolution before accessing a file can be exploited. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is due to insufficient file scope limiting, which can be exploited by creating a specific file reference on the filesystem and accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.