CVE-2020-27128

Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability

CVSS 6.5 MEDIUMEPSS 60.8%CWE-22

Vexday Risk Score

25Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.5EPSS 60.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

06 nov 2020Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Productos afectados

Cisco · Cisco SD-WAN vManage

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-file-Y2JSRNRb