ID

VAR-202011-1500


CVE

CVE-2020-26065


TITLE

Cisco Systems  Cisco Catalyst SD-WAN Manager  Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-018093

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. Cisco Systems Cisco Catalyst SD-WAN Manager Exists in a past traversal vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-26065 // JVNDB: JVNDB-2020-018093 // VULMON: CVE-2020-26065

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.4.302

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.2.0

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.4

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.3

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:17.2.10

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.4.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.2.31

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:17.2.8

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.0

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:20.3.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.2.0

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.4.0.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:20.1.1.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:17.2.5

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:17.2.4

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.1.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.2.097

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:20.1.12

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:17.2.7

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.2.2

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.8

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:17.2.6

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.3.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.4.0

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.4.3

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.2.099

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:20.1.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.5

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.2.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.6.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.3.7

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.2.3

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.2.929

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:17.2.9

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.4.303

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.4.4

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:18.4.5

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.3.0

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:19.1.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.4.0.1

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:17.2.7

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:17.2.6

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.3

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.8

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.2.0

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.1

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:17.2.9

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.1.1

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.5

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.4.0

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:17.2.8

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:17.2.10

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.3.1

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.4

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:17.2.5

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.7

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.0

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:17.2.4

Trust: 0.8

vendor:シスコシステムズmodel:cisco catalyst sd-wan managerscope:eqversion:18.3.6.1

Trust: 0.8

sources: JVNDB: JVNDB-2020-018093 // NVD: CVE-2020-26065

CVSS

SEVERITY

CVSSV2

CVSSV3

ykramarz@cisco.com: CVE-2020-26065
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2020-26065
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26065
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-321
value: MEDIUM

Trust: 0.6

ykramarz@cisco.com: CVE-2020-26065
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-26065
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: JVNDB: JVNDB-2020-018093 // CNNVD: CNNVD-202011-321 // NVD: CVE-2020-26065 // NVD: CVE-2020-26065

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-018093 // NVD: CVE-2020-26065

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202011-321

PATCH

title:cisco-sa-vmanpt2-FqLuefsSurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanpt2-FqLuefsS

Trust: 0.8

title:Cisco SD-WAN vManage Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132570

Trust: 0.6

title:Cisco: Cisco SD-WAN vManage Software Path Traversal Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmanpt2-FqLuefsS

Trust: 0.1

sources: VULMON: CVE-2020-26065 // JVNDB: JVNDB-2020-018093 // CNNVD: CNNVD-202011-321

EXTERNAL IDS

db:NVDid:CVE-2020-26065

Trust: 3.3

db:JVNDBid:JVNDB-2020-018093

Trust: 0.8

db:AUSCERTid:ESB-2020.3816

Trust: 0.6

db:CNNVDid:CNNVD-202011-321

Trust: 0.6

db:VULMONid:CVE-2020-26065

Trust: 0.1

sources: VULMON: CVE-2020-26065 // JVNDB: JVNDB-2020-018093 // CNNVD: CNNVD-202011-321 // NVD: CVE-2020-26065

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanpt2-fqluefss

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26065

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanpt2-fqluefss

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2020.3816/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-26065 // JVNDB: JVNDB-2020-018093 // CNNVD: CNNVD-202011-321 // NVD: CVE-2020-26065

SOURCES

db:VULMONid:CVE-2020-26065
db:JVNDBid:JVNDB-2020-018093
db:CNNVDid:CNNVD-202011-321
db:NVDid:CVE-2020-26065

LAST UPDATE DATE

2024-08-14T14:03:26.139000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-26065date:2023-08-06T00:00:00
db:JVNDBid:JVNDB-2020-018093date:2024-01-19T06:25:00
db:CNNVDid:CNNVD-202011-321date:2020-11-06T00:00:00
db:NVDid:CVE-2020-26065date:2024-01-25T17:15:14.010

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-26065date:2023-08-04T00:00:00
db:JVNDBid:JVNDB-2020-018093date:2024-01-19T00:00:00
db:CNNVDid:CNNVD-202011-321date:2020-11-04T00:00:00
db:NVDid:CVE-2020-26065date:2023-08-04T21:15:10.640