CVE-2020-3437
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system.
EPSS 1.23% · 79.5th percentile
Risk Scores
- CVSS 3.0: 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
- EPSS Score: 1.23% (79.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco SD-WAN vManage | * |
| cisco | sd-wan_firmware | 0 |
Exploit Intelligence
- http://packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-Root.html (nist-nvd)
- 20200715 Cisco SD-WAN vManage Software Information Disclosure Vulnerability (circl)
- Cisco SD-WAN vManage 19.2.2 Remote Root Exploit (0day-today)
Timeline
- Jul 15, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 3, 2021 PoC Published
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score