CVE-2020-26074
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 18, 2024
CWE ID 250
Summary
CVE-2020-26074 is a vulnerability affecting Cisco SD-WAN vManage Software. An authenticated, local attacker can exploit this issue by sending specially crafted path variables to the vulnerable system, potentially allowing them to overwrite arbitrary files and escalate privileges on the underlying operating system. The root cause is improper validation of path input to system file transfer functions. Cisco has issued software updates to mitigate this vulnerability, and no workarounds have been identified.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Cisco Catalyst SD-WAN Manager
Affected Vendors
- Cisco Systems Inc