Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-26073
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco SD-WAN vManage Directory Traversal Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
路径遍历:’…/…//’
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco?SD-WAN vManage 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco?SD-WAN vManage是美国思科(Cisco)公司的一款可提供软件定义网络功能的软件。该软件为网络虚拟化的一种方式。 Cisco SD-WAN vManage Software中的application data endpoints存在信息泄露漏洞,成功的利用该漏洞可使攻击者能够进行目录遍历攻击并获得对敏感信息的访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
CiscoCisco Catalyst SD-WAN Manager 20.1.12 -
II. Public POCs for CVE-2020-26073
#POC DescriptionSource LinkShenlong Link
1Cisco SD-WAN vManage Software in the application data endpoints is vulnerable to local file inclusion which could allow an unauthenticated, remote attacker to gain access to sensitive information. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-26073.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-26073
Please Login to view more intelligence information
New Vulnerabilities
Product: Cisco Catalyst SD-WAN Manager
Vendor: Cisco
Same weakness: CWE-35
V. Comments for CVE-2020-26073

No comments yet

Leave a comment