CVE-2020-26073

Basic Information

CVE State

PUBLISHED

Reserved Date

September 24, 2020

Published Date

November 18, 2024

Last Updated

November 18, 2024

Vendor

Cisco

Product

Cisco Catalyst SD-WAN Manager

Description

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Tags

edge nuclei_scanner

CVSS Scores

EPSS Score

Score

89.50% (Percentile: 99.52%) as of 2025-07-28

SSVC Information

Exploitation

none

Automatable

Yes

Technical Impact

partial

Exploit Status

Exploited in the Wild

Yes (2025-07-24 00:00:00 UTC) Source