CVE-2020-26066

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description The issue is related to improper handling of XML External Entity (XXE) entries when parsing certain XML files in the web UI of Cisco SD-WAN vManage Software. This could allow an authenticated, remote attacker to gain read and write access to information stored on an affected system. The attacker could exploit this by persuading a user to import a crafted XML file with malicious entries, potentially allowing the attacker to read and write files within the affected application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.