Vulnerability Description
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Sd-Wan Firmware | <= 18.3.0 |
| Cisco | 1100-4G Integrated Services Router | - |
| Cisco | 1100-4Gltegb Integrated Services Router | - |
| Cisco | 1100-4Gltena Integrated Services Router | - |
| Cisco | 1100-6G Integrated Services Router | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vVendor Advisory
FAQ
What is CVE-2020-3381?
CVE-2020-3381 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access t...
How severe is CVE-2020-3381?
CVE-2020-3381 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3381?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sd-Wan Firmware, Cisco 1100-4G Integrated Services Router, Cisco 1100-4Gltegb Integrated Services Router, Cisco 1100-4Gltena Integrated Services Router, Cisco 1100-6G Integrated Services Router.