ID

VAR-202011-0733


CVE

CVE-2020-27128


TITLE

Path traversal vulnerabilities in Cisco SD-WAN vManage software

Trust: 0.8

sources: JVNDB: JVNDB-2020-013392

DESCRIPTION

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system. Cisco SD-WAN vManage Software contains a path traversal vulnerability. Information may be tampered with. The software is a form of network virtualization.

Trust: 1.71

sources: NVD: CVE-2020-27128 // JVNDB: JVNDB-2020-013392 // VULHUB: VHN-370503

AFFECTED PRODUCTS

vendor: cisco, model: sd-wan, scope: lt, version: 20.3.1

Trust: 1.0

vendor: シスコシステムズ, model: cisco sd-wan, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013392 // NVD: CVE-2020-27128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27128
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-27128
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-27128
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-319
value: MEDIUM

Trust: 0.6

VULHUB: VHN-370503
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27128
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-370503
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27128
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2020-27128
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-370503 // JVNDB: JVNDB-2020-013392 // CNNVD: CNNVD-202011-319 // NVD: CVE-2020-27128 // NVD: CVE-2020-27128

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:Path traversal (CWE-22) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-370503 // JVNDB: JVNDB-2020-013392 // NVD: CVE-2020-27128

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-319

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202011-319

PATCH

title: cisco-sa-vmanage-file-Y2JSRNRb
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-file-Y2JSRNRb

Trust: 0.8

title: Cisco SD-WAN vManage Software Repair measures for path traversal vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132754

Trust: 0.6

sources: JVNDB: JVNDB-2020-013392 // CNNVD: CNNVD-202011-319

EXTERNAL IDS

db: NVD, id: CVE-2020-27128

Trust: 2.5

db: JVNDB, id: JVNDB-2020-013392

Trust: 0.8

db: CNNVD, id: CNNVD-202011-319

Trust: 0.7

db: AUSCERT, id: ESB-2020.3816

Trust: 0.6

db: VULHUB, id: VHN-370503

Trust: 0.1

sources: VULHUB: VHN-370503 // JVNDB: JVNDB-2020-013392 // CNNVD: CNNVD-202011-319 // NVD: CVE-2020-27128

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-file-y2jsrnrb

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-27128

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3816/

Trust: 0.6

sources: VULHUB: VHN-370503 // JVNDB: JVNDB-2020-013392 // CNNVD: CNNVD-202011-319 // NVD: CVE-2020-27128

SOURCES

db: VULHUB, id: VHN-370503
db: JVNDB, id: JVNDB-2020-013392
db: CNNVD, id: CNNVD-202011-319
db: NVD, id: CVE-2020-27128

LAST UPDATE DATE

2024-08-14T14:03:26.038000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-370503, date: 2020-11-20T00:00:00
db: JVNDB, id: JVNDB-2020-013392, date: 2021-06-29T08:35:00
db: CNNVD, id: CNNVD-202011-319, date: 2020-11-24T00:00:00
db: NVD, id: CVE-2020-27128, date: 2023-11-07T03:20:48.333

SOURCES RELEASE DATE

db: VULHUB, id: VHN-370503, date: 2020-11-06T00:00:00
db: JVNDB, id: JVNDB-2020-013392, date: 2021-06-29T00:00:00
db: CNNVD, id: CNNVD-202011-319, date: 2020-11-04T00:00:00
db: NVD, id: CVE-2020-27128, date: 2020-11-06T19:15:13.690