PT-2020-4625 · Cisco · Cisco Sd-Wan Vmanage

Published

2020-11-04

Updated

2020-11-24

CVE-2020-27129

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

BDU:2020-05174

CVE-2020-27129

Affected Products

Cisco Sd-Wan Vmanage

PT-2020-4625 · Cisco · Cisco Sd-Wan Vmanage

CVE-2020-27129

Weakness Enumeration

Related Identifiers

Affected Products

References · 6