CVE-2020-27128

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description The issue is related to improper validation of requests to APIs within the application data endpoints, allowing an authenticated, remote attacker to write arbitrary files to an affected system. This could enable directory traversal attacks, permitting the attacker to write files to any location on the targeted system. The vulnerability is also associated with incorrect restriction of a directory path name with limited access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.