CVE-2020-26073
HIGH EXPLOITED NUCLEICisco Catalyst Sd-wan Manager - Path Traversal
Title source: ruleDescription
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Nuclei Templates (1)
Cisco SD-WAN vManage Software - Local File Inclusion
HIGHby madrobot
References (3)
Scores
CVSS v3
7.5
EPSS
0.9093
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2024-01-05
CWE
CWE-35
Status
published
Products (46)
cisco/catalyst_sd-wan_manager
17.2.4
cisco/catalyst_sd-wan_manager
17.2.5
cisco/catalyst_sd-wan_manager
17.2.6
cisco/catalyst_sd-wan_manager
17.2.7
cisco/catalyst_sd-wan_manager
17.2.8
cisco/catalyst_sd-wan_manager
17.2.9
cisco/catalyst_sd-wan_manager
17.2.10
cisco/catalyst_sd-wan_manager
18.2.0
cisco/catalyst_sd-wan_manager
18.3.0
cisco/catalyst_sd-wan_manager
18.3.1
... and 36 more
Published
Nov 18, 2024
Tracked Since
Feb 18, 2026