2023-08-04 22:00:30 +00:00
{
"id" : "CVE-2020-26065" ,
2025-01-26 03:03:52 +00:00
"sourceIdentifier" : "psirt@cisco.com" ,
2023-08-04 22:00:30 +00:00
"published" : "2023-08-04T21:15:10.640" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T05:19:08.080" ,
2024-01-25 19:00:44 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-08-04 22:00:30 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.\r\n The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system."
}
] ,
"metrics" : {
2023-08-09 22:00:32 +00:00
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
2023-08-09 22:00:32 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-08-09 22:00:32 +00:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
}
] ,
2023-08-04 22:00:30 +00:00
"cvssMetricV30" : [
{
2025-01-26 03:03:52 +00:00
"source" : "psirt@cisco.com" ,
2023-08-04 22:00:30 +00:00
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.0" ,
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
2023-08-04 22:00:30 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-08-04 22:00:30 +00:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
}
]
} ,
2023-08-09 22:00:32 +00:00
"weaknesses" : [
{
2025-01-26 03:03:52 +00:00
"source" : "psirt@cisco.com" ,
2024-12-08 03:06:42 +00:00
"type" : "Secondary" ,
2023-08-09 22:00:32 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-22"
}
]
2024-01-25 19:00:44 +00:00
} ,
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2024-01-25 19:00:44 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-22"
}
]
2023-08-09 22:00:32 +00:00
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A0D5F32C-BFC1-49CC-BE96-920FCBE567B0"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F621202C-3851-4D7E-BFA2-DABB08E73DB6"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "38132BE5-528B-472E-9249-B226C0DE1C80"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "37C817B2-DDB9-4CAF-96C9-776482A8597D"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AC5D29FD-0917-4C1F-AE75-2D63F5C9C58D"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1E3090C4-15E6-4746-B0D2-27665AB91B08"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "04E924CC-3161-436D-93F0-066F76172F55"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7ED059CD-AD0A-4748-8390-8CDCF4C4D1CC"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6990E97D-30E9-42A9-AE6A-CC597DF75B0B"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "15B60BA4-EA02-4D0D-82C3-1B08016EF5AE"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E9DC51F7-72D4-4593-8DDE-8AA3955BB826"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B047A011-1C27-4D86-99C1-BFCDC7F04A9B"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DADEA8FB-3298-4534-B65E-81060E3DB45A"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F4C6DF1F-4995-4486-8F90-9EFD6417ABA6"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6D249954-93E0-4124-B9BA-84B9F34D7CB1"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B7F20EBE-DFDF-4996-93D1-28EE776BC777"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3DF09CAB-CA1B-428E-9A0B-AADACE9201A0"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D99ED480-C206-48DD-9DF3-FC60D91B98A3"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4DC515B6-27A3-4723-9792-2BA42EF63E44"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DEC0BBDA-FAE5-4AF7-81C8-83041A58E8E7"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7A066E28-31B0-46C7-ABB8-F5D1F3A303C9"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C8F536CC-29D6-401E-92C5-964FDBDCCE65"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9139593A-9414-488D-AA3A-5560C643587D"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "07BFB47E-F456-4782-98D7-68D02500FDD3"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.302:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "33BEBE47-AF47-4994-871D-5969270EE5AD"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.303:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A27094E7-E6F3-47CA-A90A-86FEA2F1BE33"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6D6D47A0-43A2-4F9F-830B-B2FB79E779A5"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "87E7B932-950A-4573-832F-8477FABA5929"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A1711A70-5931-4C1F-B522-46AD2E5D7C51"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FE41B8AE-8F1E-4116-BDDC-65B913AD448E"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7EC80219-C760-4CA8-B360-7B6545F502C2"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.31:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F9E425CF-5773-4C17-B284-588DDCE8DE43"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.097:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "34886EDF-1C10-4F57-A82D-FF1AF668E2C1"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.099:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1D7B3B10-6936-4352-9EE7-561BB1918769"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.929:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1EB69F8B-67CB-4296-893A-7A35B155EBEA"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "491BD04C-85BE-4766-9965-59744D2639CE"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "545F75A3-451C-4993-98AE-51C23EF49927"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1BB0DD6B-6C4D-4FF4-97AB-815A4566320F"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.12:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "482DC851-7E33-4487-8219-6675091FD7C7"
2023-08-09 22:00:32 +00:00
} ,
{
"vulnerable" : true ,
2023-10-16 18:00:28 +00:00
"criteria" : "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BAFBFE36-6913-4122-A537-F2AA1562FE69"
2023-08-09 22:00:32 +00:00
}
]
}
]
}
] ,
2023-08-04 22:00:30 +00:00
"references" : [
{
"url" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanpt2-FqLuefsS" ,
2025-01-26 03:03:52 +00:00
"source" : "psirt@cisco.com" ,
2023-08-09 22:00:32 +00:00
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanpt2-FqLuefsS" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-08-04 22:00:30 +00:00
}
]
}
