CVE-2020-3381
Cisco SD-WAN vManage Software Directory Traversal Vulnerability
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system.
Una vulnerabilidad en la interfaz de administración web de Cisco SD-WAN vManage Software podría permitir a un atacante remoto autenticado llevar a cabo ataques de salto de directorio y obtener acceso de lectura y escritura a archivos confidenciales en un sistema objetivo. La vulnerabilidad es debido a una falta de comprobación apropiada de los archivos que son cargados en un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad mediante la carga de un archivo diseñado sobre un sistema afectado. Un explotación podría permitir al atacante visualizar o modificar archivos arbitrarios en el sistema objetivo
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-12 CVE Reserved
- 2020-07-16 CVE Published
- 2024-10-11 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | <= 18.3.0 Search vendor "Cisco" for product "Sd-wan Firmware" and version " <= 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4g Integrated Services Router Search vendor "Cisco" for product "1100-4g Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | <= 18.3.0 Search vendor "Cisco" for product "Sd-wan Firmware" and version " <= 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4gltegb Integrated Services Router Search vendor "Cisco" for product "1100-4gltegb Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | <= 18.3.0 Search vendor "Cisco" for product "Sd-wan Firmware" and version " <= 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4gltena Integrated Services Router Search vendor "Cisco" for product "1100-4gltena Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | <= 18.3.0 Search vendor "Cisco" for product "Sd-wan Firmware" and version " <= 18.3.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-6g Integrated Services Router Search vendor "Cisco" for product "1100-6g Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | >= 18.4.0 < 19.2.3 Search vendor "Cisco" for product "Sd-wan Firmware" and version " >= 18.4.0 < 19.2.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4g Integrated Services Router Search vendor "Cisco" for product "1100-4g Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | >= 18.4.0 < 19.2.3 Search vendor "Cisco" for product "Sd-wan Firmware" and version " >= 18.4.0 < 19.2.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4gltegb Integrated Services Router Search vendor "Cisco" for product "1100-4gltegb Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | >= 18.4.0 < 19.2.3 Search vendor "Cisco" for product "Sd-wan Firmware" and version " >= 18.4.0 < 19.2.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4gltena Integrated Services Router Search vendor "Cisco" for product "1100-4gltena Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | >= 18.4.0 < 19.2.3 Search vendor "Cisco" for product "Sd-wan Firmware" and version " >= 18.4.0 < 19.2.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-6g Integrated Services Router Search vendor "Cisco" for product "1100-6g Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | >= 19.3.0 <= 20.1 Search vendor "Cisco" for product "Sd-wan Firmware" and version " >= 19.3.0 <= 20.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4g Integrated Services Router Search vendor "Cisco" for product "1100-4g Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | >= 19.3.0 <= 20.1 Search vendor "Cisco" for product "Sd-wan Firmware" and version " >= 19.3.0 <= 20.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4gltegb Integrated Services Router Search vendor "Cisco" for product "1100-4gltegb Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | >= 19.3.0 <= 20.1 Search vendor "Cisco" for product "Sd-wan Firmware" and version " >= 19.3.0 <= 20.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-4gltena Integrated Services Router Search vendor "Cisco" for product "1100-4gltena Integrated Services Router" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Sd-wan Firmware Search vendor "Cisco" for product "Sd-wan Firmware" | >= 19.3.0 <= 20.1 Search vendor "Cisco" for product "Sd-wan Firmware" and version " >= 19.3.0 <= 20.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 1100-6g Integrated Services Router Search vendor "Cisco" for product "1100-6g Integrated Services Router" | - | - |
Safe
|