We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2020-26074

Cisco SD-WAN vManage Privilege Escalation Vulnerability



Description

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Reserved 2020-09-24 | Published 2024-11-18 | Updated 2024-11-18 | Assigner cisco


HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:X/RC:X/E:X

Problem types

Execution with Unnecessary Privileges

Product status

Default status
unknown

20.1.12
affected

19.2.1
affected

18.4.4
affected

18.4.5
affected

20.1.1.1
affected

20.1.1
affected

19.3.0
affected

19.2.2
affected

19.2.099
affected

18.3.6
affected

18.3.7
affected

19.2.0
affected

18.3.8
affected

19.0.0
affected

19.1.0
affected

18.4.302
affected

18.4.303
affected

19.2.097
affected

19.2.098
affected

17.2.10
affected

18.3.6.1
affected

19.0.1a
affected

18.2.0
affected

18.4.3
affected

18.4.1
affected

17.2.8
affected

18.3.3.1
affected

18.4.0
affected

18.3.1
affected

17.2.6
affected

17.2.9
affected

18.3.4
affected

17.2.5
affected

18.3.1.1
affected

18.3.5
affected

18.4.0.1
affected

18.3.3
affected

17.2.7
affected

17.2.4
affected

18.3.0
affected

19.2.3
affected

18.4.501_ES
affected

20.3.1
affected

20.1.2
affected

19.2.929
affected

19.2.31
affected

References

sec.cloudapps.cisco.com/...co-sa-vmanage-escalation-Jhqs5Skf (cisco-sa-vmanage-escalation-Jhqs5Skf)

sec.cloudapps.cisco.com/...ory/cisco-sa-asa-ssl-dos-7uZWwSEy

cve.org (CVE-2020-26074)

nvd.nist.gov (CVE-2020-26074)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2020-26074

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.