CVE-2020-26073

HIGH Year: 2020
CVSS v3 Score
7.5
High
Weakness Type
CWE-35
View all →

Vulnerability Description

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2022-2265

HIGH
CVSS:7.5(High)

The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.2...

CWE-352022

CVE-2022-3693

HIGH
CVSS:7.5(High)

Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal.This issue affects FileOrbis File Management System: from unspecified before 10.6.3.

CWE-352022

CVE-2022-48476

HIGH
CVSS:7.5(High)

In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible

CWE-352022

CVE-2023-6252

HIGH
CVSS:7.5(High)

Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensit...

CWE-352023

CVE-2024-36991

HIGH
CVSS:7.5(High)

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerabil...

CWE-352024