CVE-2020-26071 — Vulnetix

CVE-2020-26071 PUBLISHED CVSS 8.399999618530273 HIGH

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

EPSS 0.14% · 33.2th percentile

Risk Scores

CVSS 3.1

8.399999618530273

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

EPSS Score

0.14%

33.2th percentile

Affected Products

Vendor	Product	Versions
cisco	catalyst_sd-wan_manager	18.2.0, 17.2.9, 17.2.8
cisco	catalyst_sd-wan_manager	20.3.1, 20.1.1.1, 19.3.0
Cisco	Cisco Catalyst SD-WAN Manager	18.3.3, 18.3.1, 19.1.0

Exploit Intelligence

cisco-sa-vman-traversal-hQh24tmk (circl)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy (circl)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf (circl)
CIRCL seen: CVE-2020-26073 (circl-sighting)
CIRCL seen: CVE-2020-26073 (circl-sighting)
CIRCL seen: CVE-2020-26073 (circl-sighting)
CIRCL exploited: CVE-2020-26073 (circl-sighting)
CIRCL exploited: CVE-2020-26073 (circl-sighting)

Timeline

Nov 5, 2020 CVE Published
Nov 6, 2020 CVE Updated
Nov 18, 2024 PoC Published
Nov 19, 2024 EPSS Score
Dec 7, 2024 EPSS Score
Dec 25, 2024 EPSS Score
Jan 11, 2025 EPSS Score
Jan 29, 2025 EPSS Score
Feb 15, 2025 EPSS Score
Mar 5, 2025 EPSS Score
Mar 22, 2025 EPSS Score
Apr 9, 2025 EPSS Score

References

Open in Interactive Console →