CVE-2020-26074

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 18, 2024
CWE ID 250

Summary

CVE-2020-26074 is a vulnerability affecting Cisco SD-WAN vManage Software. An authenticated, local attacker can exploit this issue by sending specially crafted path variables to the vulnerable system, potentially allowing them to overwrite arbitrary files and escalate privileges on the underlying operating system. The root cause is improper validation of path input to system file transfer functions. Cisco has issued software updates to mitigate this vulnerability, and no workarounds have been identified.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Cisco Catalyst SD-WAN Manager

Affected Vendors

  • Cisco Systems Inc