Details of VAR-202011-1500

ID

VAR-202011-1500

CVE

CVE-2020-26065

TITLE

Cisco Systems Cisco Catalyst SD-WAN Manager Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-018093

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. Cisco Systems Cisco Catalyst SD-WAN Manager Exists in a past traversal vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-26065 // JVNDB: JVNDB-2020-018093 // VULMON: CVE-2020-26065

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.302	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.2.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.10	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.31	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.8	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.0.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.097	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.12	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.7	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.3.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.099	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.1.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.6.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.3.7	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.2.929	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	17.2.9	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.303	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	18.4.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.3.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	19.1.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.4.0.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.7	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.6	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.3	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.8	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.2.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.9	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.1.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.5	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.4.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.8	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.10	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.3.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.5	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.7	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.0	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	17.2.4	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	18.3.6.1	Trust: 0.8

sources: JVNDB: JVNDB-2020-018093 // NVD: CVE-2020-26065

CVSS

SEVERITY

CVSSV2

CVSSV3

ykramarz@cisco.com:	CVE-2020-26065
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2020-26065
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-26065
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-321
value:	MEDIUM
Trust: 0.6

ykramarz@cisco.com:	CVE-2020-26065
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-26065
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: JVNDB: JVNDB-2020-018093 // CNNVD: CNNVD-202011-321 // NVD: CVE-2020-26065 // NVD: CVE-2020-26065

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-018093 // NVD: CVE-2020-26065

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202011-321

PATCH

title:	cisco-sa-vmanpt2-FqLuefsS	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanpt2-FqLuefsS	Trust: 0.8
title:	Cisco SD-WAN vManage Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132570	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Software Path Traversal Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmanpt2-FqLuefsS	Trust: 0.1

sources: VULMON: CVE-2020-26065 // JVNDB: JVNDB-2020-018093 // CNNVD: CNNVD-202011-321

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26065	Trust: 3.3
db:	JVNDB	id:	JVNDB-2020-018093	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3816	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-321	Trust: 0.6
db:	VULMON	id:	CVE-2020-26065	Trust: 0.1

sources: VULMON: CVE-2020-26065 // JVNDB: JVNDB-2020-018093 // CNNVD: CNNVD-202011-321 // NVD: CVE-2020-26065

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanpt2-fqluefss	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26065	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanpt2-fqluefss	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2020.3816/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-26065 // JVNDB: JVNDB-2020-018093 // CNNVD: CNNVD-202011-321 // NVD: CVE-2020-26065

SOURCES

db:	VULMON	id:	CVE-2020-26065
db:	JVNDB	id:	JVNDB-2020-018093
db:	CNNVD	id:	CNNVD-202011-321
db:	NVD	id:	CVE-2020-26065

LAST UPDATE DATE

2024-08-14T14:03:26.139000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-26065	date:	2023-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-018093	date:	2024-01-19T06:25:00
db:	CNNVD	id:	CNNVD-202011-321	date:	2020-11-06T00:00:00
db:	NVD	id:	CVE-2020-26065	date:	2024-01-25T17:15:14.010

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-26065	date:	2023-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-018093	date:	2024-01-19T00:00:00
db:	CNNVD	id:	CNNVD-202011-321	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-26065	date:	2023-08-04T21:15:10.640