CVE-2020-26071

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Software (affected versions not specified)

Description The issue is related to the command-line interface (CLI) of Cisco SD-WAN Software, where insufficient input validation for specific commands could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device. This could result in a denial of service (DoS) condition. The vulnerability is due to incorrect restriction of the directory path name.

Recommendations For Cisco SD-WAN Software, update to a version that includes the fix for this issue, as software updates have been released by Cisco to address this vulnerability. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but applying the latest software updates from Cisco is recommended.