Vulnerability Description
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Sd-Wan Firmware | < 19.2.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-RExploitThird Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vVendor Advisory
- http://packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-RExploitThird Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vVendor Advisory
FAQ
What is CVE-2020-3437?
CVE-2020-3437 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device....
How severe is CVE-2020-3437?
CVE-2020-3437 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3437?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sd-Wan Firmware.