Cyber Resilience

CVE-2020-26073

High

Published: 18 November 2024

Published
18 November 2024
Modified
04 August 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.9093 99.6th percentile
Risk Priority 70 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-26073 is a high-severity Path Traversal: '.../...//' (CWE-35) vulnerability in Cisco Catalyst Sd-Wan Manager. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 0.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic…

more

interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
catalyst sd-wan manager
17.2.10, 17.2.4, 17.2.5, 17.2.6, 17.2.7

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References