CVE-2020-26074

Опубликовано: 18 нояб. 2024

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.7:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.8:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.4:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.5:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.302:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.303:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.501_es:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.0.1a:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.3:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.31:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.097:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.098:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.099:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.929:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.2:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.12:*:*:*:*:*:*:*

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00061

Низкий

7.8 High

CVSS3

Дефекты

CWE-250

Связанные уязвимости

GHSA-9cj6-mqj9-659v

CVSS3: 7.8

github

около 1 года назад

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

BDU:2020-05196

CVSS3: 7.8

fstec

больше 5 лет назад

Уязвимость функции передачи системных файлов программно-определяемой сети Cisco SD-WAN, позволяющая нарушителю повысить свои привилегии и получить доступ на изменение, добавление или удаление данных

EPSS

Процентиль: 19%

0.00061

Низкий

7.8 High

CVSS3

Дефекты

CWE-250