Details of VAR-202011-0733

ID

VAR-202011-0733

CVE

CVE-2020-27128

TITLE

Cisco SD-WAN vManage Path traversal vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-013392

DESCRIPTION

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system. Cisco SD-WAN vManage The software contains a path traversal vulnerability.Information may be tampered with. The software is a form of network virtualization

Trust: 1.71

sources: NVD: CVE-2020-27128 // JVNDB: JVNDB-2020-013392 // VULHUB: VHN-370503

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013392 // NVD: CVE-2020-27128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-27128
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-27128
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-27128
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-319
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-370503
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-27128
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-370503
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-27128
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-27128
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-370503 // JVNDB: JVNDB-2020-013392 // CNNVD: CNNVD-202011-319 // NVD: CVE-2020-27128 // NVD: CVE-2020-27128

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	Path traversal (CWE-22) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-370503 // JVNDB: JVNDB-2020-013392 // NVD: CVE-2020-27128

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-319

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202011-319

PATCH

title:	cisco-sa-vmanage-file-Y2JSRNRb	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-file-Y2JSRNRb	Trust: 0.8
title:	Cisco SD-WAN vManage Software Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132754	Trust: 0.6

sources: JVNDB: JVNDB-2020-013392 // CNNVD: CNNVD-202011-319

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27128	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013392	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-319	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3816	Trust: 0.6
db:	VULHUB	id:	VHN-370503	Trust: 0.1

sources: VULHUB: VHN-370503 // JVNDB: JVNDB-2020-013392 // CNNVD: CNNVD-202011-319 // NVD: CVE-2020-27128

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-file-y2jsrnrb	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27128	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3816/	Trust: 0.6

sources: VULHUB: VHN-370503 // JVNDB: JVNDB-2020-013392 // CNNVD: CNNVD-202011-319 // NVD: CVE-2020-27128

SOURCES

db:	VULHUB	id:	VHN-370503
db:	JVNDB	id:	JVNDB-2020-013392
db:	CNNVD	id:	CNNVD-202011-319
db:	NVD	id:	CVE-2020-27128

LAST UPDATE DATE

2024-11-23T21:35:03.001000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-370503	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013392	date:	2021-06-29T08:35:00
db:	CNNVD	id:	CNNVD-202011-319	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2020-27128	date:	2024-11-21T05:20:45.927

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-370503	date:	2020-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-013392	date:	2021-06-29T00:00:00
db:	CNNVD	id:	CNNVD-202011-319	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-27128	date:	2020-11-06T19:15:13.690