CVE-2020-26074

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description A vulnerability in the system file transfer functions could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The issue is due to improper validation of path input to the system file transfer functions. An attacker could exploit this by sending requests with specially crafted path variables to the vulnerable system, potentially allowing them to overwrite arbitrary files and modify the system to gain escalated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-250CWE-269

Related Identifiers

BDU:2020-05196

CVE-2020-26074

Affected Products

Cisco Sd-Wan Vmanage

CVE-2020-26074

Weakness Enumeration

Related Identifiers

Affected Products

References · 8